[jira] [Work logged] (KNOX-1922) Fix DNSName error in org.apache.knox.gateway.util.X509CertificateUtil

[ASF GitHub Bot (JIRA)]

     [ 
https://issues.apache.org/jira/browse/KNOX-1922?focusedWorklogId=277525&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-277525
 ]

ASF GitHub Bot logged work on KNOX-1922:
----------------------------------------

                Author: ASF GitHub Bot
            Created on: 16/Jul/19 14:21
            Start Date: 16/Jul/19 14:21
    Worklog Time Spent: 10m 
      Work Description: smolnar82 commented on issue #115: KNOX-1922 - 
Processing a DNSName only if the hostname starts with a letter
URL: https://github.com/apache/knox/pull/115#issuecomment-511837541
 
 
   Thanks, @risdenk for your time and the useful comment above. I've just 
submitted a new patch; tested as follows:
   ```
   $ ./bin/knoxcli.sh create-cert --hostname 127.0.0.1
   
***************************************************************************************************
   Be aware that you will need to enter your master secret for future starts 
exactly as you do here.
   This secret is needed to access protected resources for the service process.
   The master secret must be protected, kept secret and not stored in clear 
text anywhere.
   
***************************************************************************************************
   Enter master secret: 
   Enter master secret again: 
   Certificate gateway-identity has been successfully created.
   
   $ bin/gateway.sh start
   Starting Gateway succeeded with PID 18665.
   
   $ ps -ef | grep gateway
     502 18665     1   0  4:17PM ttys001    0:23.18 
/Library/Java/JavaVirtualMachines/jdk1.8.0_151.jdk/Contents/Home/jre//bin/java 
-Djava.library.path=/Users/smolnar/test/knoxGateway/ext/native    -jar 
/Users/smolnar/test/knoxGateway/bin/gateway.jar
   ```
 
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


Issue Time Tracking
-------------------

    Worklog Id:     (was: 277525)
    Time Spent: 50m  (was: 40m)

> Fix DNSName error in org.apache.knox.gateway.util.X509CertificateUtil
> ---------------------------------------------------------------------
>
>                 Key: KNOX-1922
>                 URL: https://issues.apache.org/jira/browse/KNOX-1922
>             Project: Apache Knox
>          Issue Type: Bug
>          Components: KnoxCLI, Server
>    Affects Versions: 1.3.0
>            Reporter: Sandor Molnar
>            Assignee: Sandor Molnar
>            Priority: Blocker
>             Fix For: 1.3.0
>
>          Time Spent: 50m
>  Remaining Estimate: 0h
>
> As part of KNOX-1912, there has been some modification that added DNSName 
> values for localhost even if the hostname evaluated to 127.0.0.1. However, 
> due to [RFC-1034,|https://www.ietf.org/rfc/rfc1034.txt] this is not allowed. 
> On the other hand, newer RFCs (e.g. RFC 2181, RFC 1123) are relaxing these 
> restrictions. Oracle claimed they fixed it in JDK 8 u212 
> ([https://bugs.java.com/bugdatabase/view_bug.do?bug_id=8213952]) but it does 
> not seem to be the case.
>  As a result, neither the build finishes successfully nor the gateway starts 
> as expected due to the same DNSName issue ({{IOException: DNSName components 
> must begin with a letter}}).
> Recommended solution: only add the evaluated localhost address if it starts 
> with a letter.



--
This message was sent by Atlassian JIRA
(v7.6.14#76016)