[ https://issues.apache.org/jira/browse/HADOOP-17699?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Xiaoyu Yao resolved HADOOP-17699. --------------------------------- Fix Version/s: 3.4.0 Hadoop Flags: Reviewed Resolution: Fixed > Remove hardcoded SunX509 usage from SSLFactory > ---------------------------------------------- > > Key: HADOOP-17699 > URL: https://issues.apache.org/jira/browse/HADOOP-17699 > Project: Hadoop Common > Issue Type: Bug > Reporter: Xiaoyu Yao > Assignee: Xiaoyu Yao > Priority: Major > Labels: pull-request-available > Fix For: 3.4.0 > > Time Spent: 1h 50m > Remaining Estimate: 0h > > In SSLFactory.SSLCERTIFICATE, used by FileBasedKeyStoresFactory and > ReloadingX509TrustManager, there is a hardcoded reference to "SunX509" which > is used to get a KeyManager/TrustManager. This KeyManager type might not be > available if using the other JSSE providers, e.g., in FIPS deployment. > > {code:java} > WARN org.apache.hadoop.hdfs.web.URLConnectionFactory: Cannot load customized > ssl related configuration. Fall > back to system-generic settings. > java.security.NoSuchAlgorithmException: SunX509 KeyManagerFactory not > available > at sun.security.jca.GetInstance.getInstance(GetInstance.java:159) > at javax.net.ssl.KeyManagerFactory.getInstance(KeyManagerFactory.java:137) > at > org.apache.hadoop.security.ssl.FileBasedKeyStoresFactory.init(FileBasedKeyStoresFactory.java:186) > at org.apache.hadoop.security.ssl.SSLFactory.init(SSLFactory.java:187) > at > org.apache.hadoop.hdfs.web.SSLConnectionConfigurator.<init>(SSLConnectionConfigurator.java:50) > at > org.apache.hadoop.hdfs.web.URLConnectionFactory.getSSLConnectionConfiguration(URLConnectionFactory.java:100) > at > org.apache.hadoop.hdfs.web.URLConnectionFactory.newDefaultURLConnectionFactory(URLConnectionFactory.java:79) > {code} > This ticket is opened to use the DefaultAlgorithm defined by Java system > property: > ssl.KeyManagerFactory.algorithm and ssl.TrustManagerFactory.algorithm. > -- This message was sent by Atlassian Jira (v8.3.4#803005) --------------------------------------------------------------------- To unsubscribe, e-mail: common-dev-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-dev-h...@hadoop.apache.org