Good catch, thanks Flavio for reporting this. We need to double check the tests with Ilya I believe.
Having tests failure means that you were actually able to _build_ ZooKeeper successfully without changing the crypto policy setting. Have you tried to start an ensemble with Quorum TLS by any chance? That would add some more color to this issue. This might be just a testing issue. Regards, Andor > On 2019. Apr 27., at 16:09, Flavio Junqueira <[email protected]> wrote: > > Hi Enrico, > > Here is the info you are requesting: > > *Java version* > > $ java -version > java version "1.8.0_152" > Java(TM) SE Runtime Environment (build 1.8.0_152-b16) > Java HotSpot(TM) 64-Bit Server VM (build 25.152-b16, mixed mode) > > *Test case errors* > > I won’t post all of them, I get a good number of errors: > > ================================ > [ERROR] Tests run: 64, Failures: 0, Errors: 16, Skipped: 0, Time elapsed: > 9.21 s <<< FAILURE! - in org.apache.zookeeper.util.PemReaderTest > [ERROR] > testLoadCertificateFromKeyStore[1](org.apache.zookeeper.util.PemReaderTest) > Time elapsed: 1.593 s <<< ERROR! > java.io.IOException: org.bouncycastle.operator.OperatorCreationException: > Illegal key size or default parameters > at > org.apache.zookeeper.util.PemReaderTest.testLoadCertificateFromKeyStore(PemReaderTest.java:125) > Caused by: org.bouncycastle.operator.OperatorCreationException: Illegal key > size or default parameters > at > org.apache.zookeeper.util.PemReaderTest.testLoadCertificateFromKeyStore(PemReaderTest.java:125) > Caused by: java.security.InvalidKeyException: Illegal key size or default > parameters > at > org.apache.zookeeper.util.PemReaderTest.testLoadCertificateFromKeyStore(PemReaderTest.java:125) > > [ERROR] > testLoadEncryptedPrivateKeyFromKeyStoreWithWrongPassword[1](org.apache.zookeeper.util.PemReaderTest) > Time elapsed: 0.004 s <<< ERROR! > java.lang.Exception: Unexpected exception, > expected<java.security.GeneralSecurityException> but was<java.io.IOException> > at > org.apache.zookeeper.util.PemReaderTest.testLoadEncryptedPrivateKeyFromKeyStoreWithWrongPassword(PemReaderTest.java:93) > Caused by: org.bouncycastle.operator.OperatorCreationException: Illegal key > size or default parameters > at > org.apache.zookeeper.util.PemReaderTest.testLoadEncryptedPrivateKeyFromKeyStoreWithWrongPassword(PemReaderTest.java:93) > Caused by: java.security.InvalidKeyException: Illegal key size or default > parameters > at > org.apache.zookeeper.util.PemReaderTest.testLoadEncryptedPrivateKeyFromKeyStoreWithWrongPassword(PemReaderTest.java:93) > ... > ================================ > > > *Crypto policy* > If I uncomment this configuration option: > > # Please see the JCA documentation for additional information on these > # files and formats. > # crypto.policy=unlimited > > in: > > $JAVA_HOME/jre/lib/security/java.security > > then it all works and I get no error at all. This option controls > cryptographic strengths according to the documentation, and is present > because of crypto regulations in different countries. > > Thanks, > -Flavio > >> On 27 Apr 2019, at 15:52, Enrico Olivelli <[email protected]> wrote: >> >> Il sab 27 apr 2019, 14:18 Flavio Junqueira <[email protected]> ha scritto: >> >>> I have a clarification question about the RC. To build the RC, I had to >>> enable crypto.policy unlimited in the jre (I'm using build 1.8.0_152-b16). >> >> >> Flavio >> What do you mean with 'build' ? >> Make tests pass? >> AFAIK we are not using tweaked jdks in CI builds, so in theory there is no >> need. >> >> Can you please share your error? >> >> Enrico >> >> >> I'm wondering if this is going to be an issue for some users as this option >>> is related to import/export regulation. Has anyone looked into it and could >>> clarify it to me, please? >>> >>> Thanks, >>> -Flavio >>> >>> >>>> On 25 Apr 2019, at 15:10, Andor Molnar <[email protected]> wrote: >>>> >>>> This is the first stable release of 3.5 branch: 3.5.5. It resolves 117 >>> issues, including Maven migration, Quorum TLS, TTL nodes and lots of other >>> performance and stability improvements. >>>> >>>> The full release notes is available at: >>>> >>>> >>> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310801&version=12343268 >>>> >>>> *** Please download, test and vote by May 3rd 2019, 23:59 UTC+0. *** >>>> >>>> Source files: >>>> https://dist.apache.org/repos/dist/dev/zookeeper/zookeeper-3.5.5-rc5/ >>>> >>>> Maven staging repos: >>>> >>> https://repository.apache.org/content/groups/staging/org/apache/zookeeper/parent/3.5.5/ >>>> >>> https://repository.apache.org/content/groups/staging/org/apache/zookeeper/zookeeper-jute/3.5.5/ >>>> >>> https://repository.apache.org/content/groups/staging/org/apache/zookeeper/zookeeper/3.5.5/ >>>> >>>> The release candidate tag in git to be voted upon: release-3.5.5-rc5 >>>> >>>> ZooKeeper's KEYS file containing PGP keys we use to sign the release: >>>> http://www.apache.org/dist/zookeeper/KEYS >>>> >>>> Should we release this candidate? >>>> >>> >>> >
