This is an automated email from the ASF dual-hosted git repository.
andor pushed a commit to branch branch-3.5
in repository https://gitbox.apache.org/repos/asf/zookeeper.git
The following commit(s) were added to refs/heads/branch-3.5 by this push:
new 355aef5 ZOOKEEPER-3228: [TLS] Fix key usage extension in test certs
355aef5 is described below
commit 355aef526072ff422aa348713bee3dad59be3c7e
Author: Ilya Maykov <[email protected]>
AuthorDate: Wed Jan 2 13:41:06 2019 +0100
ZOOKEEPER-3228: [TLS] Fix key usage extension in test certs
Key usage extension is wrong in test certs created by X509TestHelpers. This
works with Java SSL stack because it allows sloppy certs, but breaks with
Netty's OpenSSL stack. My Netty OpenSSL code is not ready for upstream yet, but
fixing the test cert extensions is a prerequisite and can go in separately.
Author: Ilya Maykov <[email protected]>
Reviewers: [email protected], [email protected]
Closes #743 from ivmaykov/ZOOKEEPER-3228
(cherry picked from commit 2a3800f00f4c14dde97c42a54806ba3485f27183)
Signed-off-by: Andor Molnar <[email protected]>
---
.../src/test/java/org/apache/zookeeper/common/X509TestHelpers.java | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git
a/zookeeper-server/src/test/java/org/apache/zookeeper/common/X509TestHelpers.java
b/zookeeper-server/src/test/java/org/apache/zookeeper/common/X509TestHelpers.java
index 59b7634..2ca250d 100644
---
a/zookeeper-server/src/test/java/org/apache/zookeeper/common/X509TestHelpers.java
+++
b/zookeeper-server/src/test/java/org/apache/zookeeper/common/X509TestHelpers.java
@@ -152,7 +152,7 @@ public class X509TestHelpers {
certPublicKey);
builder.addExtension(Extension.basicConstraints, true, new
BasicConstraints(false)); // not a CA
builder.addExtension(
- Extension.keyUsage, true, new
KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyAgreement));
+ Extension.keyUsage, true, new
KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyEncipherment));
builder.addExtension(
Extension.extendedKeyUsage,
true,