Date: Mon, 13 Mar 2017 16:22:00 +0000 (UTC)
From: "Michael Han (JIRA)"
To: dev@zookeeper.apache.org
Subject: [jira] [Updated] (ZOOKEEPER-2429) IbmX509 KeyManager and TrustManager algorithm not supported

     [ https://issues.apache.org/jira/browse/ZOOKEEPER-2429?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Michael Han updated ZOOKEEPER-2429:
-----------------------------------
    Fix Version/s:     (was: 3.5.3)
                   3.5.4

> IbmX509 KeyManager and TrustManager algorithm not supported
> -----------------------------------------------------------
>
>                 Key: ZOOKEEPER-2429
>                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2429
>             Project: ZooKeeper
>          Issue Type: Bug
>          Components: security, server
>    Affects Versions: 3.5.0
>            Reporter: Saurabh Jain
>            Assignee: Saurabh jain
>            Priority: Minor
>             Fix For: 3.5.4, 3.6.0
>
>
> When connecting from a zookeeper client running in IBM WebSphere Application Server version 8.5.5, with SSL configured in ZooKeeper, the below mentioned exception is observed.
> org.jboss.netty.channel.ChannelPipelineException: Failed to initialize a pipeline.
>     at org.jboss.netty.bootstrap.ClientBootstrap.connect(ClientBootstrap.java:208)
>     at org.jboss.netty.bootstrap.ClientBootstrap.connect(ClientBootstrap.java:182)
>     at org.apache.zookeeper.ClientCnxnSocketNetty.connect(ClientCnxnSocketNetty.java:112)
>     at org.apache.zookeeper.ClientCnxn$SendThread.startConnect(ClientCnxn.java:1130)
>     at org.apache.zookeeper.ClientCnxn$SendThread.run(ClientCnxn.java:1158)
> Caused by: org.apache.zookeeper.common.X509Exception$SSLContextException: Failed to create KeyManager
>     at org.apache.zookeeper.common.X509Util.createSSLContext(X509Util.java:75)
>     at org.apache.zookeeper.ClientCnxnSocketNetty$ZKClientPipelineFactory.initSSL(ClientCnxnSocketNetty.java:358)
>     at org.apache.zookeeper.ClientCnxnSocketNetty$ZKClientPipelineFactory.getPipeline(ClientCnxnSocketNetty.java:348)
>     at org.jboss.netty.bootstrap.ClientBootstrap.connect(ClientBootstrap.java:206)
>     ... 4 more
> Caused by: org.apache.zookeeper.common.X509Exception$KeyManagerException: java.security.NoSuchAlgorithmException: SunX509 KeyManagerFactory not available
>     at org.apache.zookeeper.common.X509Util.createKeyManager(X509Util.java:129)
>     at org.apache.zookeeper.common.X509Util.createSSLContext(X509Util.java:73)
>     ... 7 more
> Caused by: java.security.NoSuchAlgorithmException: SunX509 KeyManagerFactory not available
>     at sun.security.jca.GetInstance.getInstance(GetInstance.java:172)
>     at javax.net.ssl.KeyManagerFactory.getInstance(KeyManagerFactory.java:9)
>     at org.apache.zookeeper.common.X509Util.createKeyManager(X509Util.java:118)
> Reason : IBM WebSphere uses its own jre and supports only IbmX509 keymanager algorithm which is causing an exception when trying to get a key manager instance using SunX509 which is not supported.
> Currently KeyManager algorithm name (SunX509) is hardcoded in the class X509Util.java.
> Possible fix: Instead of having algorithm name hardcoded to SunX509 we can fall back to the default algorithm supported by the underlying jre.
> Instead of having this -
> KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
> TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
> can we have?
> KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
> TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());

--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
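
The fallback proposed in the issue above, as an added example that is not part of the original message and is not ZooKeeper's X509Util code. The class name, the two helper methods and the "preferred" argument are hypothetical; run on a JRE without the IBM provider, the default name "IbmX509" triggers the same NoSuchAlgorithmException seen in the trace, and the helpers recover by using the JRE's default algorithm.

```java
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public class DefaultAlgorithmDemo {
    // Hypothetical helper: try a configured name first, then the JRE default.
    static KeyManagerFactory keyManagerFactory(String preferred) throws NoSuchAlgorithmException {
        if (preferred != null) {
            try {
                return KeyManagerFactory.getInstance(preferred);
            } catch (NoSuchAlgorithmException e) {
                // Same failure as in the issue's stack trace, handled instead of fatal.
                System.err.println("falling back: " + e.getMessage());
            }
        }
        return KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
    }

    // Hypothetical helper: same fallback for the trust side.
    static TrustManagerFactory trustManagerFactory(String preferred) throws NoSuchAlgorithmException {
        if (preferred != null) {
            try {
                return TrustManagerFactory.getInstance(preferred);
            } catch (NoSuchAlgorithmException e) {
                System.err.println("falling back: " + e.getMessage());
            }
        }
        return TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
    }

    public static void main(String[] args) throws Exception {
        // Constructed input: a name the running JRE may not provide.
        String preferred = args.length > 0 ? args[0] : "IbmX509";

        KeyStore empty = KeyStore.getInstance(KeyStore.getDefaultType());
        empty.load(null, null); // empty in-memory key store: no client certificate

        KeyManagerFactory kmf = keyManagerFactory(preferred);
        kmf.init(empty, new char[0]);
        TrustManagerFactory tmf = trustManagerFactory(preferred);
        tmf.init((KeyStore) null); // null selects the JRE's default trust store

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        System.out.println("KeyManagerFactory:   " + kmf.getAlgorithm() + " from " + kmf.getProvider());
        System.out.println("TrustManagerFactory: " + tmf.getAlgorithm() + " from " + tmf.getProvider());
    }
}
```

Printing the resolved algorithm and provider records which implementation a given JRE actually selected, which is the detail to check when the same client runs on both Oracle/OpenJDK and IBM runtimes.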