zookeeper-dev mailing list archives

From Andor Molnar <an...@apache.org>
Subject Re: Crypto Policy (was: Re: [VOTE] Apache ZooKeeper release 3.5.5 candidate 5)
Date Sat, 27 Apr 2019 15:33:42 GMT
Good catch, thanks Flavio for reporting this. We need to double check the tests with Ilya I
believe.

Having test failures means that you were actually able to _build_ ZooKeeper successfully without
changing the crypto policy setting. Have you tried to start an ensemble with Quorum TLS by
any chance? That would add some more color to this issue.

This might be just a testing issue.

Regards,
Andor



> On 2019. Apr 27., at 16:09, Flavio Junqueira <fpj@apache.org> wrote:
> 
> Hi Enrico,
> 
> Here is the info you are requesting:
> 
> *Java version*
> 
> $ java -version
> java version "1.8.0_152"
> Java(TM) SE Runtime Environment (build 1.8.0_152-b16)
> Java HotSpot(TM) 64-Bit Server VM (build 25.152-b16, mixed mode)
> 
> *Test case errors*
> 
> I won’t post all of them, I get a good number of errors:
> 
> ================================
> [ERROR] Tests run: 64, Failures: 0, Errors: 16, Skipped: 0, Time elapsed: 9.21 s <<< FAILURE! - in org.apache.zookeeper.util.PemReaderTest
> [ERROR] testLoadCertificateFromKeyStore[1](org.apache.zookeeper.util.PemReaderTest)  Time elapsed: 1.593 s  <<< ERROR!
> java.io.IOException: org.bouncycastle.operator.OperatorCreationException: Illegal key size or default parameters
> 	at org.apache.zookeeper.util.PemReaderTest.testLoadCertificateFromKeyStore(PemReaderTest.java:125)
> Caused by: org.bouncycastle.operator.OperatorCreationException: Illegal key size or default parameters
> 	at org.apache.zookeeper.util.PemReaderTest.testLoadCertificateFromKeyStore(PemReaderTest.java:125)
> Caused by: java.security.InvalidKeyException: Illegal key size or default parameters
> 	at org.apache.zookeeper.util.PemReaderTest.testLoadCertificateFromKeyStore(PemReaderTest.java:125)
> 
> [ERROR] testLoadEncryptedPrivateKeyFromKeyStoreWithWrongPassword[1](org.apache.zookeeper.util.PemReaderTest)  Time elapsed: 0.004 s  <<< ERROR!
> java.lang.Exception: Unexpected exception, expected<java.security.GeneralSecurityException> but was<java.io.IOException>
> 	at org.apache.zookeeper.util.PemReaderTest.testLoadEncryptedPrivateKeyFromKeyStoreWithWrongPassword(PemReaderTest.java:93)
> Caused by: org.bouncycastle.operator.OperatorCreationException: Illegal key size or default parameters
> 	at org.apache.zookeeper.util.PemReaderTest.testLoadEncryptedPrivateKeyFromKeyStoreWithWrongPassword(PemReaderTest.java:93)
> Caused by: java.security.InvalidKeyException: Illegal key size or default parameters
> 	at org.apache.zookeeper.util.PemReaderTest.testLoadEncryptedPrivateKeyFromKeyStoreWithWrongPassword(PemReaderTest.java:93)
> ...
> ================================
> 
> 
> *Crypto policy*
> If I uncomment this configuration option:
> 
>  # Please see the JCA documentation for additional information on these
>  # files and formats.
>  # crypto.policy=unlimited
> 
> in:
> 
>   $JAVA_HOME/jre/lib/security/java.security
> 
> then it all works and I get no error at all. This option controls cryptographic strengths
> according to the documentation, and is present because of crypto regulations in different
> countries.
> 
> Thanks,
> -Flavio
> 
>> On 27 Apr 2019, at 15:52, Enrico Olivelli <eolivelli@gmail.com> wrote:
>> 
>> On Sat, 27 Apr 2019, 14:18 Flavio Junqueira <fpj@apache.org> wrote:
>> 
>>> I have a clarification question about the RC. To build the RC, I had to
>>> enable crypto.policy unlimited in the jre (I'm using build 1.8.0_152-b16).
>> 
>> 
>> Flavio
>> What do you mean by 'build'?
>> Make tests pass?
>> AFAIK we are not using tweaked jdks in CI builds, so in theory there is no
>> need.
>> 
>> Can you please share your error?
>> 
>> Enrico
>> 
>> 
>>> I'm wondering if this is going to be an issue for some users as this option
>>> is related to import/export regulation. Has anyone looked into it and could
>>> clarify it to me, please?
>>> 
>>> Thanks,
>>> -Flavio
>>> 
>>> 
>>>> On 25 Apr 2019, at 15:10, Andor Molnar <andor@apache.org> wrote:
>>>> 
>>>> This is the first stable release of 3.5 branch: 3.5.5. It resolves 117
>>> issues, including Maven migration, Quorum TLS, TTL nodes and lots of other
>>> performance and stability improvements.
>>>> 
>>>> The full release notes are available at:
>>>> 
>>>> 
>>> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310801&version=12343268
>>>> 
>>>> *** Please download, test and vote by May 3rd 2019, 23:59 UTC+0. ***
>>>> 
>>>> Source files:
>>>> https://dist.apache.org/repos/dist/dev/zookeeper/zookeeper-3.5.5-rc5/
>>>> 
>>>> Maven staging repos:
>>>> 
>>> https://repository.apache.org/content/groups/staging/org/apache/zookeeper/parent/3.5.5/
>>>> 
>>> https://repository.apache.org/content/groups/staging/org/apache/zookeeper/zookeeper-jute/3.5.5/
>>>> 
>>> https://repository.apache.org/content/groups/staging/org/apache/zookeeper/zookeeper/3.5.5/
>>>> 
>>>> The release candidate tag in git to be voted upon: release-3.5.5-rc5
>>>> 
>>>> ZooKeeper's KEYS file containing PGP keys we use to sign the release:
>>>> http://www.apache.org/dist/zookeeper/KEYS
>>>> 
>>>> Should we release this candidate?
>>>> 
>>> 
>>> 
> 
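
An added diagnostic, not code from this thread or from ZooKeeper: it reports which JCE jurisdiction policy the running JRE enforces and tries to initialise AES with 128- and 256-bit keys, the kind of key-size check that raises the `InvalidKeyException` in the quoted test output. The class name `CryptoPolicyCheck` and the all-zero key are constructed for illustration.

```java
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.Security;
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;

// Hypothetical helper class; run it with the same JRE used for the build or the ensemble.
public class CryptoPolicyCheck {

    /** True when the jurisdiction policy in effect permits AES keys of at least 256 bits. */
    static boolean allowsStrongKeys() throws NoSuchAlgorithmException {
        // The limited policy caps AES at 128 bits; the unlimited one reports Integer.MAX_VALUE.
        return Cipher.getMaxAllowedKeyLength("AES") >= 256;
    }

    /** Initialises an AES cipher with a key of keyBits; returns null on success, else the error. */
    static String tryAesInit(int keyBits) throws Exception {
        byte[] key = new byte[keyBits / 8]; // constructed all-zero key, used only to probe the policy
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
        try {
            // No IV is passed: in encrypt mode the provider generates one, and the
            // policy check on the key size happens before any data is processed.
            cipher.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, "AES"));
            return null;
        } catch (InvalidKeyException e) {
            return e.getMessage();
        }
    }

    public static void main(String[] args) throws Exception {
        System.out.println("java.version       = " + System.getProperty("java.version"));
        // null means the crypto.policy line in java.security is commented out,
        // so the JRE falls back to its built-in default for that release.
        System.out.println("crypto.policy      = " + Security.getProperty("crypto.policy"));
        System.out.println("max AES key length = " + Cipher.getMaxAllowedKeyLength("AES"));

        for (int bits : new int[] {128, 256}) {
            String error = tryAesInit(bits);
            System.out.println("AES-" + bits + " init: " + (error == null ? "ok" : "FAILED: " + error));
        }

        if (!allowsStrongKeys()) {
            System.out.println("Limited policy in effect: keys above 128 bits will be rejected.");
            System.exit(1); // non-zero exit so a CI step or startup script can gate on it
        }
    }
}
```

Running it before and after uncommenting `crypto.policy=unlimited` shows whether the setting is what separates the failing and passing test runs on a given JRE.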

