Resolved by rev. 1458901
On 20 March 2013 13:24, Ken Giusti <kgiu...@redhat.com> wrote:
> This failure is due to my updates to the SSL certificates and keys used by
> the SSL unit tests.
> IllegalStateException: java.lang.IllegalStateException: Unable to read PEM
> object from file
> proton_tests.ssl.SslTest.test_client_server_authentication ..............Mar
> 20, 2013 1:48:59 AM
> org.apache.qpid.proton.engine.impl.ssl.SslEngineFacadeFactory readPemObject
> SEVERE: Unable to read PEM object. Perhaps you need the unlimited strength
> libraries in <java-home>/jre/lib/security/ ?
> org.bouncycastle.openssl.PEMException: problem parsing ENCRYPTED PRIVATE KEY:
> java.security.InvalidKeyException: Illegal key size
> I've hit this problem before, and have yet to be able to solve it (on my
> machine, at least).
> The problem is due to the export restrictions on encryption. I suspect the
> default java configuration for some machines - certainly OSX - does not allow
> for exportable key lengths. On such systems, the proton SSL test will fail
> as the environment cannot handle the key lengths used in the checked in
> So why not check in certificates with short keys? That'll fix the problem.
> But I can't - the Fedora packages do not support creating certs with short
> key lengths, for security reasons. Therefore I cannot generate universally
> usable certs in my environment.
> This is a call for help - is there anyone out there who is seeing the same
> SSL test failures using the latest trunk? If so, can you regenerate the test
> certificates on your system? There's a script attached to the end of the
> README.txt file in qpid-proton/tests/python/proton_tests/ssl_db - simply run
> that in the ssl_db directory to regenerate the certs. Rerun the SSL tests -
> they should pass. If they do, send me the diff and I'll check it in.
> Alternatively, if anyone can figure out how to install weak keysigning
> algorithms on a Fedora box - I'm all ears.
> FYI: In order to support the larger key lengths, the following policy files
> need to be installed:
> ----- Forwarded Message -----
>> From: "Apache Jenkins Server" <jenk...@builds.apache.org>
>> To: notificati...@qpid.apache.org
>> Sent: Tuesday, March 19, 2013 9:49:01 PM
>> Subject: Jenkins build is still unstable: Qpid-proton-j » tests #295