Thanks Keith! Jenkins is back to stable. Hopefully that's it for the next 300 years.... :)
----- Original Message ----- > From: "Keith W" <keith.w...@gmail.com> > To: proton@qpid.apache.org > Sent: Wednesday, March 20, 2013 12:01:26 PM > Subject: Re: Help needed [Fwd: Jenkins build is still unstable: Qpid-proton-j > » tests #295] > > Resolved by rev. 1458901 > > On 20 March 2013 13:24, Ken Giusti <kgiu...@redhat.com> wrote: > > > > This failure is due to my updates to the SSL certificates and keys > > used by the SSL unit tests. > > > > Specifically: > > > > IllegalStateException: java.lang.IllegalStateException: Unable to > > read PEM object from file > > /home/jenkins/jenkins-slave/workspace/Qpid-proton-j/trunk/tests/target/classes/proton_tests/ssl_db/server-private-key.pem > > proton_tests.ssl.SslTest.test_client_server_authentication > > ..............Mar 20, 2013 1:48:59 AM > > org.apache.qpid.proton.engine.impl.ssl.SslEngineFacadeFactory > > readPemObject > > SEVERE: Unable to read PEM object. Perhaps you need the unlimited > > strength libraries in <java-home>/jre/lib/security/ ? > > org.bouncycastle.openssl.PEMException: problem parsing ENCRYPTED > > PRIVATE KEY: java.security.InvalidKeyException: Illegal key size > > > > > > I've hit this problem before, and have yet to be able to solve it > > (on my machine, at least). > > > > The problem is due to the export restrictions on encryption. I > > suspect the default java configuration for some machines - > > certainly OSX - does not allow for exportable key lengths. On > > such systems, the proton SSL test will fail as the environment > > cannot handle the key lengths used in the checked in certificates. > > > > So why not check in certificates with short keys? That'll fix the > > problem. But I can't - the Fedora packages do not support > > creating certs with short key lengths, for security reasons. > > Therefore I cannot generate universally usable certs in my > > environment. > > > > This is a call for help - is there anyone out there who is seeing > > the same SSL test failures using the latest trunk? If so, can you > > regenerate the test certificates on your system? There's a script > > attached to the end of the README.txt file in > > qpid-proton/tests/python/proton_tests/ssl_db - simply run that in > > the ssl_db directory to regenerate the certs. Rerun the SSL tests > > - they should pass. If they do, send me the diff and I'll check > > it in. > > > > Alternatively, if anyone can figure out how to install weak > > keysigning algorithms on a Fedora box - I'm all ears. > > > > > > FYI: In order to support the larger key lengths, the following > > policy files need to be installed: > > http://www.oracle.com/technetwork/java/javase/downloads/jce-6-download-429243.html > > > > > > ----- Forwarded Message ----- > >> From: "Apache Jenkins Server" <jenk...@builds.apache.org> > >> To: notificati...@qpid.apache.org > >> Sent: Tuesday, March 19, 2013 9:49:01 PM > >> Subject: Jenkins build is still unstable: Qpid-proton-j » tests > >> #295 > >> > >> See > >> <https://builds.apache.org/job/Qpid-proton-j/org.apache.qpid$tests/changes> > >> > >> > > > > -- > > -K > -- -K