[
https://issues.apache.org/jira/browse/ZOOKEEPER-4992?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
ASF GitHub Bot updated ZOOKEEPER-4992:
--------------------------------------
Labels: pull-request-available (was: )
> Loading multiple trusted certificates with identical subject names from a PEM
> bundle fails
> ------------------------------------------------------------------------------------------
>
> Key: ZOOKEEPER-4992
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-4992
> Project: ZooKeeper
> Issue Type: Bug
> Components: java client, server
> Affects Versions: 3.9.4
> Reporter: Tero Saarni
> Priority: Minor
> Labels: pull-request-available
> Time Spent: 10m
> Remaining Estimate: 0h
>
> When a PEM bundle file is read as a trust store, each certificate is added to
> an in-memory {{KeyStore}} using the subject name as the alias:
> [https://github.com/apache/zookeeper/blob/e8e141b21f3a07797958c74053762048c7a3a0bf/zookeeper-server/src/main/java/org/apache/zookeeper/util/PemReader.java#L95-L98]
> for (X509Certificate certificate : certificateChain) \{
> X500Principal principal = certificate.getSubjectX500Principal();
> keyStore.setCertificateEntry(principal.getName("RFC2253"),
> certificate);
> }
> If two CA certificates in the bundle share the same subject name, the first
> entry is overridden by the second.
> This behavior causes loss of trusted certificates that have identical
> subjects but are otherwise different certificates. Using the subject name as
> a unique alias is therefore not suitable.
> Related to ZOOKEEPER-4990
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
