This is an automated email from the ASF dual-hosted git repository.
andor pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/zookeeper.git
The following commit(s) were added to refs/heads/master by this push:
new 2a3800f ZOOKEEPER-3228: [TLS] Fix key usage extension in test certs
2a3800f is described below
commit 2a3800f00f4c14dde97c42a54806ba3485f27183
Author: Ilya Maykov <[email protected]>
AuthorDate: Wed Jan 2 13:41:06 2019 +0100
ZOOKEEPER-3228: [TLS] Fix key usage extension in test certs
Key usage extension is wrong in test certs created by X509TestHelpers. This
works with Java SSL stack because it allows sloppy certs, but breaks with
Netty's OpenSSL stack. My Netty OpenSSL code is not ready for upstream yet, but
fixing the test cert extensions is a prerequisite and can go in separately.
Author: Ilya Maykov <[email protected]>
Reviewers: [email protected], [email protected]
Closes #743 from ivmaykov/ZOOKEEPER-3228
---
.../src/test/java/org/apache/zookeeper/common/X509TestHelpers.java | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git
a/zookeeper-server/src/test/java/org/apache/zookeeper/common/X509TestHelpers.java
b/zookeeper-server/src/test/java/org/apache/zookeeper/common/X509TestHelpers.java
index 59b7634..2ca250d 100644
---
a/zookeeper-server/src/test/java/org/apache/zookeeper/common/X509TestHelpers.java
+++
b/zookeeper-server/src/test/java/org/apache/zookeeper/common/X509TestHelpers.java
@@ -152,7 +152,7 @@ public class X509TestHelpers {
certPublicKey);
builder.addExtension(Extension.basicConstraints, true, new
BasicConstraints(false)); // not a CA
builder.addExtension(
- Extension.keyUsage, true, new
KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyAgreement));
+ Extension.keyUsage, true, new
KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyEncipherment));
builder.addExtension(
Extension.extendedKeyUsage,
true,
