Marton Greber has uploaded this change for review. ( http://gerrit.cloudera.org:8080/23841 )
Change subject: [Java] Fix TLS truststore init for FIPS providers
......................................................................
[Java] Fix TLS truststore init for FIPS providers

In some field deployments running with a proprietary FIPS-compliant
crypto provider, the default KeyStore implementation rejects
KeyStore.load((LoadStoreParameter) null) with
IllegalArgumentException("'param' arg cannot be null"), causing TLS
trust-store construction in SecurityContext.trustCertificates() to fail.

Fix SecurityContext to initialize the in-memory KeyStore via
load(null, new char[0]) instead of the 1-arg overload, avoiding the
null-parameter path while preserving "empty keystore" semantics.

This is not a breaking change: both calls are valid KeyStore
initialization forms and for JDK keystores load(null, ...) is the
documented way [1] to create an empty KeyStore. We only make the
initialization more compatible with FIPS-oriented providers.

[1]: https://docs.oracle.com/en/java/javase/17/docs/api/java.base/java/security/KeyStore.html#load(java.io.InputStream,char%5B%5D)

Change-Id: I361341146c9115a17df182c397dbf4119ec68464
---
M java/kudu-client/src/main/java/org/apache/kudu/client/SecurityContext.java
1 file changed, 1 insertion(+), 1 deletion(-)
git pull ssh://gerrit.cloudera.org:29418/kudu refs/changes/41/23841/1
--
To view, visit http://gerrit.cloudera.org:8080/23841
Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-MessageType: newchange
Gerrit-Change-Id: I361341146c9115a17df182c397dbf4119ec68464
Gerrit-Change-Number: 23841
Gerrit-PatchSet: 1
Gerrit-Owner: Marton Greber <[email protected]>
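An added example, not part of the Kudu change or its code: an in-memory trust store built with the two-argument load(null, new char[0]) form the commit message describes, then handed to a TrustManagerFactory and SSLContext. The class name, helper names, the "trusted-" alias prefix and the use of the JDK's default trust anchors as sample certificates are assumptions made for illustration.

```java
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

public class EmptyTrustStoreDemo {

  // Build an in-memory trust store holding exactly the given certificates.
  static KeyStore inMemoryTrustStore(List<X509Certificate> certs) throws Exception {
    KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
    // Two-argument form: a null stream creates an empty keystore, and no
    // LoadStoreParameter is passed, so the null-parameter path is never taken.
    ks.load(null, new char[0]);
    int i = 0;
    for (X509Certificate cert : certs) {
      ks.setCertificateEntry("trusted-" + i++, cert); // hypothetical alias scheme
    }
    return ks;
  }

  // Sample input (constructed): up to 'max' of the JDK's default trust anchors,
  // so the demo runs offline without embedding a certificate.
  static List<X509Certificate> sampleCerts(int max) throws Exception {
    TrustManagerFactory tmf =
        TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
    tmf.init((KeyStore) null); // null KeyStore here selects the platform default trust store
    List<X509Certificate> out = new ArrayList<>();
    for (TrustManager tm : tmf.getTrustManagers()) {
      if (!(tm instanceof X509TrustManager)) continue;
      for (X509Certificate c : ((X509TrustManager) tm).getAcceptedIssuers()) {
        if (out.size() < max) out.add(c);
      }
    }
    return out;
  }

  public static void main(String[] args) throws Exception {
    KeyStore ks = inMemoryTrustStore(sampleCerts(3));
    TrustManagerFactory tmf =
        TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
    tmf.init(ks); // trust only what was added above
    SSLContext ctx = SSLContext.getInstance("TLS");
    ctx.init(null, tmf.getTrustManagers(), null);
    System.out.println("provider=" + ks.getProvider().getName()
        + " type=" + ks.getType() + " entries=" + ks.size());
  }
}
```

The printed provider and keystore type show which KeyStore implementation was actually selected, which is the first thing to check when a deployment swaps in a different crypto provider.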