[ https://issues.apache.org/jira/browse/ZOOKEEPER-2297?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15110482#comment-15110482 ]

Flavio Junqueira edited comment on ZOOKEEPER-2297 at 1/21/16 11:59 AM:
-----------------------------------------------------------------------

bq. I will send a mail to the user/dev mailing list about this once we agree upon 
the changes.

I'd hold on to the e-mail until we converge on a proposal.

bq. To make it clear, this jira is changing the zookeeper server-side configuration 
only. Now, with this change, the user must configure the SSL scheme 
name "x509" along with the other SSL configurations. Earlier, "x509" was 
instantiated by default, irrespective of secure or non-secure. So the user was not 
required to configure this explicitly.

I got that and if we think that we will have other providers in the future, 
then we certainly need a way of configuring it.

bq. The proposed change is similar to the way the SASL auth mechanism is 
configured.

More or less. For authentication, we need to specify the provider among IP, 
Digest/Passwd, SASL. In that case, we do need that parameter explicitly, and if 
I'm passing a SaslAuthProvider parameter, then it is pretty clear that I want 
SASL authentication. Passing an X509AuthenticationProvider parameter doesn't 
make clear the intent of the user with respect to SSL, and given that we only 
have one option at the moment, it sounds unnecessary.

bq. I failed to find any dependency with SASL

If you check the stack trace in the description of this jira, then this 
provider issue has arisen with a call to fixupACL in the prep request processor. 
The ACL stuff depends on the authentication to work, and actually, I should 
have said authentication in general rather than just SASL. It'd be good to test 
both SSL and SASL together.




was (Author: fpj):
bq. I will send a mail to the user/dev mailing list about this once we agree upon 
the changes.

I'd hold on the e-mail until we converge on a proposal.

bq. To make it clear, this jira is changing the zookeeper server-side configuration 
only. Now, with this change, the user must configure the SSL scheme 
name "x509" along with the other SSL configurations. Earlier, "x509" was 
instantiated by default, irrespective of secure or non-secure. So the user was not 
required to configure this explicitly.

I got that and if we think that we will have other providers in the future, 
then we certainly need a way of configuring it.

bq. The proposed change is similar to the way the SASL auth mechanism is 
configured.

More or less. For authentication, we need to specify the provider among IP, 
Digest/Passwd, SASL. In that case, we do need that parameter explicitly, and if 
I'm passing a SaslAuthProvider parameter, then it is pretty clear that I want 
SASL authentication. Passing an X509AuthenticationProvider parameter doesn't 
make clear the intent of the user with respect to SSL, and given that we only 
have one option at the moment, it sounds unnecessary.

bq. I failed to find any dependency with SASL

If you check the stack trace in the description of this jira, then this 
provider issue has arisen with a call to fixupACL in the prep request processor. 
The ACL stuff depends on the authentication to work, and actually, I should 
have said authentication in general rather than just SASL. It'd be good to test 
both SSL and SASL together.



> NPE is thrown while creating "key manager" and "trust manager" 
> ---------------------------------------------------------------
>
>                 Key: ZOOKEEPER-2297
>                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2297
>             Project: ZooKeeper
>          Issue Type: Bug
>          Components: server
>    Affects Versions: 3.5.1
>         Environment: Suse 11 sp 3
>            Reporter: Anushri
>            Assignee: Arshad Mohammad
>            Priority: Blocker
>             Fix For: 3.5.2, 3.6.0
>
>         Attachments: ZOOKEEPER-2297-01.patch, ZOOKEEPER-2297-02.patch, 
> ZOOKEEPER-2297-03.patch
>
>
> NPE is thrown while creating "key manager" and "trust manager", even though 
> the zk setup is in non-secure mode
> bq. 2015-10-19 12:54:12,278 [myid:2] - ERROR [ProcessThread(sid:2 cport:-1)::X509AuthenticationProvider@78] - Failed to create key manager
> bq. org.apache.zookeeper.common.X509Exception$KeyManagerException: java.lang.NullPointerException
> at org.apache.zookeeper.common.X509Util.createKeyManager(X509Util.java:129)
> at org.apache.zookeeper.server.auth.X509AuthenticationProvider.<init>(X509AuthenticationProvider.java:75)
> at org.apache.zookeeper.server.auth.ProviderRegistry.initialize(ProviderRegistry.java:42)
> at org.apache.zookeeper.server.auth.ProviderRegistry.getProvider(ProviderRegistry.java:68)
> at org.apache.zookeeper.server.PrepRequestProcessor.fixupACL(PrepRequestProcessor.java:952)
> at org.apache.zookeeper.server.PrepRequestProcessor.pRequest2Txn(PrepRequestProcessor.java:379)
> at org.apache.zookeeper.server.PrepRequestProcessor.pRequest(PrepRequestProcessor.java:716)
> at org.apache.zookeeper.server.PrepRequestProcessor.run(PrepRequestProcessor.java:144)
> Caused by: java.lang.NullPointerException
> at org.apache.zookeeper.common.X509Util.createKeyManager(X509Util.java:113)
> ... 7 more
> bq. 2015-10-19 12:54:12,279 [myid:2] - ERROR [ProcessThread(sid:2 cport:-1)::X509AuthenticationProvider@90] - Failed to create trust manager
> bq. org.apache.zookeeper.common.X509Exception$TrustManagerException: java.lang.NullPointerException
> at org.apache.zookeeper.common.X509Util.createTrustManager(X509Util.java:158)
> at org.apache.zookeeper.server.auth.X509AuthenticationProvider.<init>(X509AuthenticationProvider.java:87)
> at org.apache.zookeeper.server.auth.ProviderRegistry.initialize(ProviderRegistry.java:42)
> at org.apache.zookeeper.server.auth.ProviderRegistry.getProvider(ProviderRegistry.java:68)
> at org.apache.zookeeper.server.PrepRequestProcessor.fixupACL(PrepRequestProcessor.java:952)
> at org.apache.zookeeper.server.PrepRequestProcessor.pRequest2Txn(PrepRequestProcessor.java:379)
> at org.apache.zookeeper.server.PrepRequestProcessor.pRequest(PrepRequestProcessor.java:716)
> at org.apache.zookeeper.server.PrepRequestProcessor.run(PrepRequestProcessor.java:144)
> Caused by: java.lang.NullPointerException
> at org.apache.zookeeper.common.X509Util.createTrustManager(X509Util.java:143)
> ... 7 more


