I’m running the tests fine without setting the policy to unlimited: java version "1.8.0_161" Java(TM) SE Runtime Environment (build 1.8.0_161-b12) Java HotSpot(TM) 64-Bit Server VM (build 25.161-b12, mixed mode)
Have you tried to run it with a more recent version of Java? Andor > On 2019. Apr 27., at 17:33, Andor Molnar <[email protected]> wrote: > > Good catch, thanks Flavio for reporting this. We need to double check the > tests with Ilya I believe. > > Having tests failure means that you were actually able to _build_ ZooKeeper > successfully without changing the crypto policy setting. Have you tried to > start an ensemble with Quorum TLS by any chance? That would add some more > color to this issue. > > This might be just a testing issue. > > Regards, > Andor > > > >> On 2019. Apr 27., at 16:09, Flavio Junqueira <[email protected]> wrote: >> >> Hi Enrico, >> >> Here is the info you are requesting: >> >> *Java version* >> >> $ java -version >> java version "1.8.0_152" >> Java(TM) SE Runtime Environment (build 1.8.0_152-b16) >> Java HotSpot(TM) 64-Bit Server VM (build 25.152-b16, mixed mode) >> >> *Test case errors* >> >> I won’t post all of them, I get a good number of errors: >> >> ================================ >> [ERROR] Tests run: 64, Failures: 0, Errors: 16, Skipped: 0, Time elapsed: >> 9.21 s <<< FAILURE! - in org.apache.zookeeper.util.PemReaderTest >> [ERROR] >> testLoadCertificateFromKeyStore[1](org.apache.zookeeper.util.PemReaderTest) >> Time elapsed: 1.593 s <<< ERROR! >> java.io.IOException: org.bouncycastle.operator.OperatorCreationException: >> Illegal key size or default parameters >> at >> org.apache.zookeeper.util.PemReaderTest.testLoadCertificateFromKeyStore(PemReaderTest.java:125) >> Caused by: org.bouncycastle.operator.OperatorCreationException: Illegal key >> size or default parameters >> at >> org.apache.zookeeper.util.PemReaderTest.testLoadCertificateFromKeyStore(PemReaderTest.java:125) >> Caused by: java.security.InvalidKeyException: Illegal key size or default >> parameters >> at >> org.apache.zookeeper.util.PemReaderTest.testLoadCertificateFromKeyStore(PemReaderTest.java:125) >> >> [ERROR] >> testLoadEncryptedPrivateKeyFromKeyStoreWithWrongPassword[1](org.apache.zookeeper.util.PemReaderTest) >> Time elapsed: 0.004 s <<< ERROR! >> java.lang.Exception: Unexpected exception, >> expected<java.security.GeneralSecurityException> but was<java.io.IOException> >> at >> org.apache.zookeeper.util.PemReaderTest.testLoadEncryptedPrivateKeyFromKeyStoreWithWrongPassword(PemReaderTest.java:93) >> Caused by: org.bouncycastle.operator.OperatorCreationException: Illegal key >> size or default parameters >> at >> org.apache.zookeeper.util.PemReaderTest.testLoadEncryptedPrivateKeyFromKeyStoreWithWrongPassword(PemReaderTest.java:93) >> Caused by: java.security.InvalidKeyException: Illegal key size or default >> parameters >> at >> org.apache.zookeeper.util.PemReaderTest.testLoadEncryptedPrivateKeyFromKeyStoreWithWrongPassword(PemReaderTest.java:93) >> ... >> ================================ >> >> >> *Crypto policy* >> If I uncomment this configuration option: >> >> # Please see the JCA documentation for additional information on these >> # files and formats. >> # crypto.policy=unlimited >> >> in: >> >> $JAVA_HOME/jre/lib/security/java.security >> >> then it all works and I get no error at all. This option controls >> cryptographic strengths according to the documentation, and is present >> because of crypto regulations in different countries. >> >> Thanks, >> -Flavio >> >>> On 27 Apr 2019, at 15:52, Enrico Olivelli <[email protected]> wrote: >>> >>> Il sab 27 apr 2019, 14:18 Flavio Junqueira <[email protected]> ha scritto: >>> >>>> I have a clarification question about the RC. To build the RC, I had to >>>> enable crypto.policy unlimited in the jre (I'm using build 1.8.0_152-b16). >>> >>> >>> Flavio >>> What do you mean with 'build' ? >>> Make tests pass? >>> AFAIK we are not using tweaked jdks in CI builds, so in theory there is no >>> need. >>> >>> Can you please share your error? >>> >>> Enrico >>> >>> >>> I'm wondering if this is going to be an issue for some users as this option >>>> is related to import/export regulation. Has anyone looked into it and could >>>> clarify it to me, please? >>>> >>>> Thanks, >>>> -Flavio >>>> >>>> >>>>> On 25 Apr 2019, at 15:10, Andor Molnar <[email protected]> wrote: >>>>> >>>>> This is the first stable release of 3.5 branch: 3.5.5. It resolves 117 >>>> issues, including Maven migration, Quorum TLS, TTL nodes and lots of other >>>> performance and stability improvements. >>>>> >>>>> The full release notes is available at: >>>>> >>>>> >>>> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310801&version=12343268 >>>>> >>>>> *** Please download, test and vote by May 3rd 2019, 23:59 UTC+0. *** >>>>> >>>>> Source files: >>>>> https://dist.apache.org/repos/dist/dev/zookeeper/zookeeper-3.5.5-rc5/ >>>>> >>>>> Maven staging repos: >>>>> >>>> https://repository.apache.org/content/groups/staging/org/apache/zookeeper/parent/3.5.5/ >>>>> >>>> https://repository.apache.org/content/groups/staging/org/apache/zookeeper/zookeeper-jute/3.5.5/ >>>>> >>>> https://repository.apache.org/content/groups/staging/org/apache/zookeeper/zookeeper/3.5.5/ >>>>> >>>>> The release candidate tag in git to be voted upon: release-3.5.5-rc5 >>>>> >>>>> ZooKeeper's KEYS file containing PGP keys we use to sign the release: >>>>> http://www.apache.org/dist/zookeeper/KEYS >>>>> >>>>> Should we release this candidate? >>>>> >>>> >>>> >> >
