zookeeper-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Flavio Junqueira <...@apache.org>
Subject Re: Crypto Policy (was: Re: [VOTE] Apache ZooKeeper release 3.5.5 candidate 5)
Date Sat, 27 Apr 2019 14:09:11 GMT
Hi Enrico,

Here is the info you are requesting:

*Java version*

$ java -version
java version "1.8.0_152"
Java(TM) SE Runtime Environment (build 1.8.0_152-b16)
Java HotSpot(TM) 64-Bit Server VM (build 25.152-b16, mixed mode)

*Test case errors*

I won’t post all of them, I get a good number of errors:

================================
[ERROR] Tests run: 64, Failures: 0, Errors: 16, Skipped: 0, Time elapsed: 9.21 s <<<
FAILURE! - in org.apache.zookeeper.util.PemReaderTest
[ERROR] testLoadCertificateFromKeyStore[1](org.apache.zookeeper.util.PemReaderTest)  Time
elapsed: 1.593 s  <<< ERROR!
java.io.IOException: org.bouncycastle.operator.OperatorCreationException: Illegal key size
or default parameters
	at org.apache.zookeeper.util.PemReaderTest.testLoadCertificateFromKeyStore(PemReaderTest.java:125)
Caused by: org.bouncycastle.operator.OperatorCreationException: Illegal key size or default
parameters
	at org.apache.zookeeper.util.PemReaderTest.testLoadCertificateFromKeyStore(PemReaderTest.java:125)
Caused by: java.security.InvalidKeyException: Illegal key size or default parameters
	at org.apache.zookeeper.util.PemReaderTest.testLoadCertificateFromKeyStore(PemReaderTest.java:125)

[ERROR] testLoadEncryptedPrivateKeyFromKeyStoreWithWrongPassword[1](org.apache.zookeeper.util.PemReaderTest)
 Time elapsed: 0.004 s  <<< ERROR!
java.lang.Exception: Unexpected exception, expected<java.security.GeneralSecurityException>
but was<java.io.IOException>
	at org.apache.zookeeper.util.PemReaderTest.testLoadEncryptedPrivateKeyFromKeyStoreWithWrongPassword(PemReaderTest.java:93)
Caused by: org.bouncycastle.operator.OperatorCreationException: Illegal key size or default
parameters
	at org.apache.zookeeper.util.PemReaderTest.testLoadEncryptedPrivateKeyFromKeyStoreWithWrongPassword(PemReaderTest.java:93)
Caused by: java.security.InvalidKeyException: Illegal key size or default parameters
	at org.apache.zookeeper.util.PemReaderTest.testLoadEncryptedPrivateKeyFromKeyStoreWithWrongPassword(PemReaderTest.java:93)
...
================================


*Crypto policy*
If I uncomment this configuration option:

  # Please see the JCA documentation for additional information on these
  # files and formats.
  # crypto.policy=unlimited

in:

   $JAVA_HOME/jre/lib/security/java.security

then it all works and I get no error at all. This option controls cryptographic strengths
according to the documentation, and is present because of crypto regulations in different
countries.

Thanks,
-Flavio

> On 27 Apr 2019, at 15:52, Enrico Olivelli <eolivelli@gmail.com> wrote:
> 
> Il sab 27 apr 2019, 14:18 Flavio Junqueira <fpj@apache.org> ha scritto:
> 
>> I have a clarification question about the RC. To build the RC, I had to
>> enable crypto.policy unlimited in the jre (I'm using build 1.8.0_152-b16).
> 
> 
> Flavio
> What do you mean with 'build' ?
> Make tests pass?
> AFAIK we are not using tweaked jdks in CI builds, so in theory there is no
> need.
> 
> Can you please share your error?
> 
> Enrico
> 
> 
> I'm wondering if this is going to be an issue for some users as this option
>> is related to import/export regulation. Has anyone looked into it and could
>> clarify it to me, please?
>> 
>> Thanks,
>> -Flavio
>> 
>> 
>>> On 25 Apr 2019, at 15:10, Andor Molnar <andor@apache.org> wrote:
>>> 
>>> This is the first stable release of 3.5 branch: 3.5.5. It resolves 117
>> issues, including Maven migration, Quorum TLS, TTL nodes and lots of other
>> performance and stability improvements.
>>> 
>>> The full release notes is available at:
>>> 
>>> 
>> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310801&version=12343268
>>> 
>>> *** Please download, test and vote by May 3rd 2019, 23:59 UTC+0. ***
>>> 
>>> Source files:
>>> https://dist.apache.org/repos/dist/dev/zookeeper/zookeeper-3.5.5-rc5/
>>> 
>>> Maven staging repos:
>>> 
>> https://repository.apache.org/content/groups/staging/org/apache/zookeeper/parent/3.5.5/
>>> 
>> https://repository.apache.org/content/groups/staging/org/apache/zookeeper/zookeeper-jute/3.5.5/
>>> 
>> https://repository.apache.org/content/groups/staging/org/apache/zookeeper/zookeeper/3.5.5/
>>> 
>>> The release candidate tag in git to be voted upon: release-3.5.5-rc5
>>> 
>>> ZooKeeper's KEYS file containing PGP keys we use to sign the release:
>>> http://www.apache.org/dist/zookeeper/KEYS
>>> 
>>> Should we release this candidate?
>>> 
>> 
>> 


Mime
View raw message