zookeeper-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From an...@apache.org
Subject [zookeeper] branch branch-3.5 updated: ZOOKEEPER-3228: [TLS] Fix key usage extension in test certs
Date Wed, 02 Jan 2019 12:41:36 GMT
This is an automated email from the ASF dual-hosted git repository.

andor pushed a commit to branch branch-3.5
in repository https://gitbox.apache.org/repos/asf/zookeeper.git


The following commit(s) were added to refs/heads/branch-3.5 by this push:
     new 355aef5  ZOOKEEPER-3228: [TLS] Fix key usage extension in test certs
355aef5 is described below

commit 355aef526072ff422aa348713bee3dad59be3c7e
Author: Ilya Maykov <ilyam@fb.com>
AuthorDate: Wed Jan 2 13:41:06 2019 +0100

    ZOOKEEPER-3228: [TLS] Fix key usage extension in test certs
    
    Key usage extension is wrong in test certs created by X509TestHelpers. This works with
Java SSL stack because it allows sloppy certs, but breaks with Netty's OpenSSL stack. My Netty
OpenSSL code is not ready for upstream yet, but fixing the test cert extensions is a prerequisite
and can go in separately.
    
    Author: Ilya Maykov <ilyam@fb.com>
    
    Reviewers: fangmin@apache.org, andor@apache.org
    
    Closes #743 from ivmaykov/ZOOKEEPER-3228
    
    (cherry picked from commit 2a3800f00f4c14dde97c42a54806ba3485f27183)
    Signed-off-by: Andor Molnar <andor@apache.org>
---
 .../src/test/java/org/apache/zookeeper/common/X509TestHelpers.java      | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/zookeeper-server/src/test/java/org/apache/zookeeper/common/X509TestHelpers.java
b/zookeeper-server/src/test/java/org/apache/zookeeper/common/X509TestHelpers.java
index 59b7634..2ca250d 100644
--- a/zookeeper-server/src/test/java/org/apache/zookeeper/common/X509TestHelpers.java
+++ b/zookeeper-server/src/test/java/org/apache/zookeeper/common/X509TestHelpers.java
@@ -152,7 +152,7 @@ public class X509TestHelpers {
                 certPublicKey);
         builder.addExtension(Extension.basicConstraints, true, new BasicConstraints(false));
// not a CA
         builder.addExtension(
-                Extension.keyUsage, true, new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyAgreement));
+                Extension.keyUsage, true, new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyEncipherment));
         builder.addExtension(
                 Extension.extendedKeyUsage,
                 true,


Mime
View raw message