[jira] [Updated] (HADOOP-17699) Remove hardcoded SunX509 usage from SSLFactory

Fri, 26 Jan 2024 22:02:19 -0800 


     [ 
https://issues.apache.org/jira/browse/HADOOP-17699?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Shilun Fan updated HADOOP-17699:
--------------------------------
    Component/s: common

> Remove hardcoded SunX509 usage from SSLFactory
> ----------------------------------------------
>
>                 Key: HADOOP-17699
>                 URL: https://issues.apache.org/jira/browse/HADOOP-17699
>             Project: Hadoop Common
>          Issue Type: Bug
>          Components: common
>    Affects Versions: 3.4.0
>            Reporter: Xiaoyu Yao
>            Assignee: Xiaoyu Yao
>            Priority: Major
>              Labels: pull-request-available
>             Fix For: 3.4.0
>
>          Time Spent: 1h 50m
>  Remaining Estimate: 0h
>
> In SSLFactory.SSLCERTIFICATE, used by FileBasedKeyStoresFactory and 
> ReloadingX509TrustManager, there is a hardcoded reference to "SunX509" which 
> is used to get a KeyManager/TrustManager. This KeyManager type might not be 
> available if using the other JSSE providers, e.g.,  in FIPS deployment.
>  
> {code:java}
> WARN org.apache.hadoop.hdfs.web.URLConnectionFactory: Cannot load customized 
> ssl related configuration. Fall
>  back to system-generic settings.
>  java.security.NoSuchAlgorithmException: SunX509 KeyManagerFactory not 
> available
>  at sun.security.jca.GetInstance.getInstance(GetInstance.java:159)
>  at javax.net.ssl.KeyManagerFactory.getInstance(KeyManagerFactory.java:137)
>  at 
> org.apache.hadoop.security.ssl.FileBasedKeyStoresFactory.init(FileBasedKeyStoresFactory.java:186)
>  at org.apache.hadoop.security.ssl.SSLFactory.init(SSLFactory.java:187)
>  at 
> org.apache.hadoop.hdfs.web.SSLConnectionConfigurator.<init>(SSLConnectionConfigurator.java:50)
>  at 
> org.apache.hadoop.hdfs.web.URLConnectionFactory.getSSLConnectionConfiguration(URLConnectionFactory.java:100)
>  at 
> org.apache.hadoop.hdfs.web.URLConnectionFactory.newDefaultURLConnectionFactory(URLConnectionFactory.java:79)
> {code}
> This ticket is opened to use the DefaultAlgorithm defined by Java system 
> property: 
> ssl.KeyManagerFactory.algorithm and ssl.TrustManagerFactory.algorithm.
>  



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to