[ https://issues.apache.org/jira/browse/CALCITE-5890?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17750785#comment-17750785 ]
Istvan Toth edited comment on CALCITE-5890 at 8/3/23 4:03 PM:
--------------------------------------------------------------

Testing on a system with a JVM configured for FIPS with bouncycastle:

Trying to load a bcfks truststore without the patch:
{noformat}
Connecting to jdbc:phoenix:thin:url=https://quasar-uablrr-1.vpc.cloudera.com:8765;serialization=PROTOBUF;authentication=SPNEGO;truststore=/var/lib/cloudera-scm-agent/agent-cert/cm-auto-global_truststore.jks;truststore_password=86cjugByTIj4IUGj4CD9SWwWeYXVwnx9PMNWVwyGECK
[main] ERROR org.apache.calcite.avatica.remote.CommonsHttpClientPoolCache - HTTPS registry configuration failed
java.lang.RuntimeException: java.io.IOException: Invalid keystore format
{noformat}

Trying to load the same with the patch and the new property:
{noformat}
Connecting to jdbc:phoenix:thin:url=https://quasar-uablrr-1.vpc.cloudera.com:8765;serialization=PROTOBUF;authentication=SPNEGO;truststore=/var/lib/cloudera-scm-agent/agent-cert/cm-auto-global_truststore.jks;truststore_password=86cjugByTIj4IUGj4CD9SWwWeYXVwnx9PMNWVwyGECK;keystore_type=bcfks
[main] INFO org.apache.calcite.avatica.remote.CommonsHttpClientPoolCache - Trustore loaded from: /var/lib/cloudera-scm-agent/agent-cert/cm-auto-global_truststore.jks
{noformat}

The truststore file is bcfks, despite the file name extension.

> Handle non-JKS truststores in Avatica client
> --------------------------------------------
>
>                 Key: CALCITE-5890
>                 URL: https://issues.apache.org/jira/browse/CALCITE-5890
>             Project: Calcite
>          Issue Type: Bug
>          Components: avatica
>            Reporter: Istvan Toth
>            Assignee: Istvan Toth
>            Priority: Major
>              Labels: pull-request-available
>          Time Spent: 20m
>  Remaining Estimate: 0h
>
> Avatica can handle non-JKS truststores on the server side.
> However, the client fails if we try to use a non-JKS keystore.
> Either add a connection property to specify the keystore format, or enable
> autodetection (if it is possible)
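
The failure mode reported above, reproduced with only the JDK as an added example (this is not the Avatica patch or any project code): a truststore whose bytes do not match the type the client assumes is rejected at load time, and loads once the type is passed explicitly. JCEKS stands in for BCFKS so that no BouncyCastle provider is needed; the class name, the `sslContextFor` helper and the sample password are assumptions made for the illustration.

```java
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public class TruststoreTypeDemo {
    // Hypothetical helper: load a truststore with an explicit type instead of
    // assuming one, then build an SSLContext that trusts only its entries.
    static SSLContext sslContextFor(Path file, char[] password, String type)
            throws IOException, GeneralSecurityException {
        KeyStore ks = KeyStore.getInstance(type);
        try (InputStream in = Files.newInputStream(file)) {
            ks.load(in, password); // IOException if the bytes are another format
        }
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        char[] pw = "changeit".toCharArray(); // constructed sample password
        // Constructed input: an empty JCEKS store saved under a misleading .jks name.
        Path file = Files.createTempFile("truststore", ".jks");
        KeyStore jceks = KeyStore.getInstance("JCEKS");
        jceks.load(null, pw);
        try (OutputStream out = Files.newOutputStream(file)) {
            jceks.store(out, pw);
        }
        try {
            sslContextFor(file, pw, "JKS"); // type assumed from the extension
            System.out.println("JKS: loaded");
        } catch (IOException e) {
            System.out.println("JKS: rejected: " + e.getMessage());
        }
        sslContextFor(file, pw, "JCEKS"); // type stated explicitly
        System.out.println("JCEKS: loaded");
        Files.delete(file);
    }
}
```

The file extension plays no part in either outcome; only the type string handed to `KeyStore.getInstance` decides which parser reads the file.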