Hello Patrick, Yeah , that would be flexible to make it configurable. Can I open a Jira for this ?
Earlier I created a jira (ZOOKEEPER-2428) for this not sure why it was removed. Thanks, Saurabh On Mon, May 16, 2016 at 6:20 PM, Patrick Hunt <[email protected]> wrote: > Makes sense to me. However I'd recommend that you make it configurable. > Make the default getDefaultAlgo, but allow it to be overridden by the user > via configuration at the ZK level. Print a debug level message with the > value used for debuggability. > > Patrick > > On Mon, May 16, 2016 at 7:24 AM, saurabh jain <[email protected]> > wrote: > > > Hello All , > > > > When connecting from a zookeeper client running in IBM WebSphere > > Application Server version 8.5.5, with SSL configured in ZooKeeper, the > > below mentioned exception is observed. > > > > org.jboss.netty.channel.ChannelPipelineException: Failed to initialize a > > pipeline. > > at org.jboss.netty.bootstrap.ClientBootstrap.connect( > > ClientBootstrap.java:208) > > at org.jboss.netty.bootstrap.ClientBootstrap.connect( > > ClientBootstrap.java:182) > > at org.apache.zookeeper.ClientCnxnSocketNetty.connect( > > ClientCnxnSocketNetty.java:112) > > at org.apache.zookeeper.ClientCnxn$SendThread. > > startConnect(ClientCnxn.java:1130) > > at org.apache.zookeeper.ClientCnxn$SendThread.run( > > ClientCnxn.java:1158) > > Caused by: org.apache.zookeeper.common.X509Exception$SSLContextException: > > Failed to create KeyManager > > at org.apache.zookeeper.common.X509Util.createSSLContext( > > X509Util.java:75) > > at > > org.apache.zookeeper.ClientCnxnSocketNetty$ZKClientPipelineFactory. > > initSSL(ClientCnxnSocketNetty.java:358) > > at > > org.apache.zookeeper.ClientCnxnSocketNetty$ZKClientPipelineFactory. > > getPipeline(ClientCnxnSocketNetty.java:348) > > at org.jboss.netty.bootstrap.ClientBootstrap.connect( > > ClientBootstrap.java:206) > > ... 4 more > > Caused by: org.apache.zookeeper.common.X509Exception$KeyManagerException: > > java.security.NoSuchAlgorithmException: SunX509 KeyManagerFactory not > > available > > at org.apache.zookeeper.common.X509Util.createKeyManager( > > X509Util.java:129) > > at org.apache.zookeeper.common.X509Util.createSSLContext( > > X509Util.java:73) > > ... 7 more > > Caused by: java.security.NoSuchAlgorithmException: SunX509 > > KeyManagerFactory not available > > at sun.security.jca.GetInstance.getInstance(GetInstance.java:172) > > at javax.net.ssl.KeyManagerFactory.getInstance( > > KeyManagerFactory.java:9) > > at org.apache.zookeeper.common.X509Util.createKeyManager( > > X509Util.java:118) > > > > > > Reason : IBM websphere uses its own jre and supports only IbmX509 > > keymanager algorithm which is causing an exception when trying to get an > > key manager instance using SunX509 which is not supported. > > Currently KeyManager algorithm name (SunX509) is hardcoded in the class > > X509Util.java. > > > > Possible fix: Instead of having algorithm name hardcoded to SunX509 we > can > > fall back to the default algorithm supported by the underlying jre. > > > > Instead of having this - > > KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509"); > > TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509"); > > > > can we have ? > > KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory. > > getDefaultAlgorithm()); > > > > TrustManagerFactory tmf = TrustManagerFactory.getInstance( > > TrustManagerFactory.getDefaultAlgorithm()); > > > > Please advise. > > > > Thanks, > > Saurabh > > >
