Robbie Gemmell created ARTEMIS-3185:
---------------------------------------

             Summary: Various TLS tests fail on newer JDKs/environments
                 Key: ARTEMIS-3185
                 URL: https://issues.apache.org/jira/browse/ARTEMIS-3185
             Project: ActiveMQ Artemis
          Issue Type: Test
          Components: Tests
    Affects Versions: 2.17.0
            Reporter: Robbie Gemmell


Various broker integration tests fail after I updated to Fedora 33, seemingly 
on all JDK versions but certainly with 8u275 and above, with the failing tests 
all being TLS related. For example, AMQPConnectSaslTest, JMSSaslExternalTest, 
JMSSaslExternalLDAPTest failed, though there are others.

Specifically, the related keystore for those tests looks to be keystore1.jks 
under tests/integration-tests/src/test/resources (though possibly other files 
in there and related tests could be affected or need updated also). The key 
contained uses SHA1withRSA for the signature, which keytool notes is disabled 
and so that is presumably the problem:
{noformat}
$ keytool -keystore keystore1.jks -storepass changeit -list -v
...snipped...
Signature algorithm name: SHA1withRSA (disabled)
...snipped...
<keystore1> uses the SHA1withRSA signature algorithm which is considered a 
security risk and is disabled.
{noformat}
I'm not clear how the file was generated and don't see the CA key used to sign 
it and which matches up to the truststore.jks file (it uses SHA256withRSA sig 
and so should be fine if the key were updated in isolation). If someone who 
knows the process used could update the key that would be great.

A suggestion I would make is to create a script that creates the files, both so 
it can be seen later what was done, and more easily repeated and/or updated 
when needed. For example, we do this with the 
[Qpid JMS tests resources|https://github.com/apache/qpid-jms/blob/0.57.0/qpid-jms-client/src/test/resources/README.txt], 
which I adapted for creating the 
['broker-connections' TLS example|https://github.com/apache/activemq-artemis/blob/master/examples/features/broker-connection/amqp-sending-overssl/store-generation.txt] 
resources when I was updating that.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
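
One way to find every test keystore affected by the problem reported above, as an added example that is not part of the original report or the Artemis code base: it parses `keytool -list -v` output and reports each alias whose certificate is marked "(disabled)" or is signed with MD2, MD5 or SHA-1. The function names and the sample listing are constructed for illustration; the keytool options are the ones used in the report.

```shell
#!/bin/sh
# Added example (hypothetical helper names, not from the Artemis project).

# Reads `keytool -list -v` output on stdin and prints "alias<TAB>algorithm"
# for each certificate keytool marks "(disabled)" or that is signed with an
# MD2/MD5/SHA-1 based algorithm.
weak_sig_entries() {
  awk '
    /^[ \t]*Alias name:/ {
      sub(/^[ \t]*Alias name:[ \t]*/, ""); alias = $0; next
    }
    /^[ \t]*Signature algorithm name:/ {
      sub(/^[ \t]*Signature algorithm name:[ \t]*/, "")
      flagged = ($0 ~ /\(disabled\)/)
      alg = $0
      sub(/[ \t]*\(.*$/, "", alg)          # drop a trailing "(disabled)" marker
      if (flagged || alg ~ /^(MD2|MD5|SHA1)with/) print alias "\t" alg
    }
  '
}

# Constructed sample in the shape of `keytool -list -v` output (not real data).
sample_listing() {
  cat <<'EOF'
Alias name: server
Entry type: PrivateKeyEntry
Signature algorithm name: SHA1withRSA (disabled)
Alias name: ca
Entry type: trustedCertEntry
Signature algorithm name: SHA256withRSA
EOF
}

# Scans every *.jks file in a directory; returns 1 if any entry is flagged.
audit_keystores() {
  dir=$1; pass=$2; status=0
  for ks in "$dir"/*.jks; do
    [ -f "$ks" ] || continue
    hits=$(keytool -keystore "$ks" -storepass "$pass" -list -v 2>/dev/null |
           weak_sig_entries)
    [ -n "$hits" ] || continue
    printf '%s\n' "$hits" | while IFS= read -r line; do
      printf '%s\t%s\n' "$ks" "$line"
    done
    status=1
  done
  return $status
}
```

Run it as `audit_keystores tests/integration-tests/src/test/resources changeit`; a non-zero exit status means at least one keystore entry needs regenerating.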
