Marton Greber has posted comments on this change. ( http://gerrit.cloudera.org:8080/23841 )
Change subject: [Java] Fix TLS truststore init for FIPS providers ...................................................................... Patch Set 1: (1 comment) http://gerrit.cloudera.org:8080/#/c/23841/1/java/kudu-client/src/main/java/org/apache/kudu/client/SecurityContext.java File java/kudu-client/src/main/java/org/apache/kudu/client/SecurityContext.java: http://gerrit.cloudera.org:8080/#/c/23841/1/java/kudu-client/src/main/java/org/apache/kudu/client/SecurityContext.java@420 PS1, Line 420: new char[0] > It seems this argument might be null as well at least for java.security.Key Yes, I tested null for the password as well and it works with both JDK/FIPS provider. Either null or an empty char[] correctly initialises an empty in-memory KeyStore when the InputStream is null. I chose new char[0] intentionally to avoid relying on provider-specific null handling. Although the Java API allows null (both for LoadStoreParameter in the 1-arg overload and for password in the 2-arg overload), I’ve seen that some stricter/FIPS provider implementations reject nulls even when the spec permits them (e.g. the original 'param' arg cannot be null failure). -- To view, visit http://gerrit.cloudera.org:8080/23841 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: kudu Gerrit-Branch: master Gerrit-MessageType: comment Gerrit-Change-Id: I361341146c9115a17df182c397dbf4119ec68464 Gerrit-Change-Number: 23841 Gerrit-PatchSet: 1 Gerrit-Owner: Marton Greber <[email protected]> Gerrit-Reviewer: Alexey Serbin <[email protected]> Gerrit-Reviewer: Attila Bukor <[email protected]> Gerrit-Reviewer: Kudu Jenkins (120) Gerrit-Reviewer: Marton Greber <[email protected]> Gerrit-Reviewer: Zoltan Chovan <[email protected]> Gerrit-Comment-Date: Fri, 09 Jan 2026 10:52:18 +0000 Gerrit-HasComments: Yes
