[jira] [Commented] (ZOOKEEPER-2521) space should be truncated while reading password for keystore/truststore which is required to configure while SSL enabled
[ https://issues.apache.org/jira/browse/ZOOKEEPER-2521?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15608053#comment-15608053 ] Rakesh Kumar Singh commented on ZOOKEEPER-2521: --- Should we update the document regarding this..? > space should be truncated while reading password for keystore/truststore > which is required to configure while SSL enabled > - > > Key: ZOOKEEPER-2521 > URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2521 > Project: ZooKeeper > Issue Type: Bug > Components: server >Affects Versions: 3.5.1 >Reporter: Rakesh Kumar Singh >Priority: Minor > Fix For: 3.5.3, 3.6.0 > > Attachments: ZOOKEEPER-2521.2.patch, ZOOKEEPER-2521.patch > > > space should be truncated while reading password for keystore/truststore > which is required to configure while SSL enabled. > As of now if we configure the password with any heading/trailing space, the > zookeeper server will fail to start. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (ZOOKEEPER-2521) space should be truncated while reading password for keystore/truststore which is required to configure while SSL enabled
[ https://issues.apache.org/jira/browse/ZOOKEEPER-2521?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15509215#comment-15509215 ] Flavio Junqueira commented on ZOOKEEPER-2521: - for the record, what precisely are we agreeing upon, that we don't need to do anything here? > space should be truncated while reading password for keystore/truststore > which is required to configure while SSL enabled > - > > Key: ZOOKEEPER-2521 > URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2521 > Project: ZooKeeper > Issue Type: Bug > Components: server >Affects Versions: 3.5.1 >Reporter: Rakesh Kumar Singh >Priority: Minor > Fix For: 3.5.3, 3.6.0 > > Attachments: ZOOKEEPER-2521.2.patch, ZOOKEEPER-2521.patch > > > space should be truncated while reading password for keystore/truststore > which is required to configure while SSL enabled. > As of now if we configure the password with any heading/trailing space, the > zookeeper server will fail to start. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (ZOOKEEPER-2521) space should be truncated while reading password for keystore/truststore which is required to configure while SSL enabled
[ https://issues.apache.org/jira/browse/ZOOKEEPER-2521?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15508652#comment-15508652 ] Rakesh Kumar Singh commented on ZOOKEEPER-2521: --- Agree with Edward Ribeiro > space should be truncated while reading password for keystore/truststore > which is required to configure while SSL enabled > - > > Key: ZOOKEEPER-2521 > URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2521 > Project: ZooKeeper > Issue Type: Bug > Components: server >Affects Versions: 3.5.1 >Reporter: Rakesh Kumar Singh >Priority: Minor > Fix For: 3.5.3, 3.6.0 > > Attachments: ZOOKEEPER-2521.2.patch, ZOOKEEPER-2521.patch > > > space should be truncated while reading password for keystore/truststore > which is required to configure while SSL enabled. > As of now if we configure the password with any heading/trailing space, the > zookeeper server will fail to start. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (ZOOKEEPER-2521) space should be truncated while reading password for keystore/truststore which is required to configure while SSL enabled
[ https://issues.apache.org/jira/browse/ZOOKEEPER-2521?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15506963#comment-15506963 ] Flavio Junqueira commented on ZOOKEEPER-2521: - In this case, there isn't anything we can do. I think the message is clear enough. > space should be truncated while reading password for keystore/truststore > which is required to configure while SSL enabled > - > > Key: ZOOKEEPER-2521 > URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2521 > Project: ZooKeeper > Issue Type: Bug > Components: server >Affects Versions: 3.5.1 >Reporter: Rakesh Kumar Singh >Assignee: Edward Ribeiro >Priority: Minor > Fix For: 3.5.3, 3.6.0 > > Attachments: ZOOKEEPER-2521.2.patch, ZOOKEEPER-2521.patch > > > space should be truncated while reading password for keystore/truststore > which is required to configure while SSL enabled. > As of now if we configure the password with any heading/trailing space, the > zookeeper server will fail to start. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (ZOOKEEPER-2521) space should be truncated while reading password for keystore/truststore which is required to configure while SSL enabled
[ https://issues.apache.org/jira/browse/ZOOKEEPER-2521?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15506875#comment-15506875 ] Edward Ribeiro commented on ZOOKEEPER-2521: --- Oh, exception and the message come from standard java API: https://docs.oracle.com/javase/7/docs/api/java/security/KeyStore.html#load(java.io.InputStream,%20char[]) It cannot figured out if the keyStore is corrupted or the password is incorrect. Same for the odd {{IOException}}. I guess the rationale was because keyStore is a file so it cannot read the file for the reasons I alluded. Even so, odd. > space should be truncated while reading password for keystore/truststore > which is required to configure while SSL enabled > - > > Key: ZOOKEEPER-2521 > URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2521 > Project: ZooKeeper > Issue Type: Bug > Components: server >Affects Versions: 3.5.1 >Reporter: Rakesh Kumar Singh >Assignee: Edward Ribeiro >Priority: Minor > Fix For: 3.5.3, 3.6.0 > > Attachments: ZOOKEEPER-2521.2.patch, ZOOKEEPER-2521.patch > > > space should be truncated while reading password for keystore/truststore > which is required to configure while SSL enabled. > As of now if we configure the password with any heading/trailing space, the > zookeeper server will fail to start. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (ZOOKEEPER-2521) space should be truncated while reading password for keystore/truststore which is required to configure while SSL enabled
[ https://issues.apache.org/jira/browse/ZOOKEEPER-2521?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15506846#comment-15506846 ] Flavio Junqueira commented on ZOOKEEPER-2521: - The message seems fine to me with a couple of caveats: # I'm not sure why we are suggesting that the password has been tampered with. The password is simply not the right one, no? # {{IOException}} is a bit odd as an exception type. login failure or invalid password seem to be more appropriate. Perhaps [~rakeshkumarsingh] has some insight that we are missing. > space should be truncated while reading password for keystore/truststore > which is required to configure while SSL enabled > - > > Key: ZOOKEEPER-2521 > URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2521 > Project: ZooKeeper > Issue Type: Bug > Components: server >Affects Versions: 3.5.1 >Reporter: Rakesh Kumar Singh >Assignee: Edward Ribeiro >Priority: Minor > Fix For: 3.5.3, 3.6.0 > > Attachments: ZOOKEEPER-2521.2.patch, ZOOKEEPER-2521.patch > > > space should be truncated while reading password for keystore/truststore > which is required to configure while SSL enabled. > As of now if we configure the password with any heading/trailing space, the > zookeeper server will fail to start. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (ZOOKEEPER-2521) space should be truncated while reading password for keystore/truststore which is required to configure while SSL enabled
[ https://issues.apache.org/jira/browse/ZOOKEEPER-2521?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15506799#comment-15506799 ] Edward Ribeiro commented on ZOOKEEPER-2521: --- Yup, agree. Currently the error message bubble up is: {quote} org.apache.zookeeper.common.X509Exception$KeyManagerException: java.io.IOException: Keystore was tampered with, or password was incorrect {quote} Isn't that enough? > space should be truncated while reading password for keystore/truststore > which is required to configure while SSL enabled > - > > Key: ZOOKEEPER-2521 > URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2521 > Project: ZooKeeper > Issue Type: Bug > Components: server >Affects Versions: 3.5.1 >Reporter: Rakesh Kumar Singh >Assignee: Edward Ribeiro >Priority: Minor > Fix For: 3.5.3, 3.6.0 > > Attachments: ZOOKEEPER-2521.2.patch, ZOOKEEPER-2521.patch > > > space should be truncated while reading password for keystore/truststore > which is required to configure while SSL enabled. > As of now if we configure the password with any heading/trailing space, the > zookeeper server will fail to start. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (ZOOKEEPER-2521) space should be truncated while reading password for keystore/truststore which is required to configure while SSL enabled
[ https://issues.apache.org/jira/browse/ZOOKEEPER-2521?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15506661#comment-15506661 ] Flavio Junqueira commented on ZOOKEEPER-2521: - I thought some more about this, and I'm leaning more towards not making this change. If I understand correctly, not trimming doesn't cause any security issue (doesn't open up a new vulnerability). If the server isn't starting and we are not telling clearly to the user that it is because the password is invalid, then perhaps this is what we should fix, no? > space should be truncated while reading password for keystore/truststore > which is required to configure while SSL enabled > - > > Key: ZOOKEEPER-2521 > URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2521 > Project: ZooKeeper > Issue Type: Bug > Components: server >Affects Versions: 3.5.1 >Reporter: Rakesh Kumar Singh >Assignee: Edward Ribeiro >Priority: Minor > Fix For: 3.5.3, 3.6.0 > > Attachments: ZOOKEEPER-2521.2.patch, ZOOKEEPER-2521.patch > > > space should be truncated while reading password for keystore/truststore > which is required to configure while SSL enabled. > As of now if we configure the password with any heading/trailing space, the > zookeeper server will fail to start. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (ZOOKEEPER-2521) space should be truncated while reading password for keystore/truststore which is required to configure while SSL enabled
[ https://issues.apache.org/jira/browse/ZOOKEEPER-2521?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15506418#comment-15506418 ] Edward Ribeiro commented on ZOOKEEPER-2521: --- +100 about asking around what is common in other systems. I will refactor the tests cases to use {{Assert.fail}} in case of an exception. Thanks for review it! > space should be truncated while reading password for keystore/truststore > which is required to configure while SSL enabled > - > > Key: ZOOKEEPER-2521 > URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2521 > Project: ZooKeeper > Issue Type: Bug > Components: server >Affects Versions: 3.5.1 >Reporter: Rakesh Kumar Singh >Assignee: Edward Ribeiro >Priority: Minor > Fix For: 3.5.3, 3.6.0 > > Attachments: ZOOKEEPER-2521.patch > > > space should be truncated while reading password for keystore/truststore > which is required to configure while SSL enabled. > As of now if we configure the password with any heading/trailing space, the > zookeeper server will fail to start. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (ZOOKEEPER-2521) space should be truncated while reading password for keystore/truststore which is required to configure while SSL enabled
[ https://issues.apache.org/jira/browse/ZOOKEEPER-2521?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15506077#comment-15506077 ] Rakesh Kumar Singh commented on ZOOKEEPER-2521: --- This is related to SSL configuration and we have SSL support from 3.5 onwards. > space should be truncated while reading password for keystore/truststore > which is required to configure while SSL enabled > - > > Key: ZOOKEEPER-2521 > URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2521 > Project: ZooKeeper > Issue Type: Bug > Components: server >Affects Versions: 3.5.1 >Reporter: Rakesh Kumar Singh >Assignee: Edward Ribeiro >Priority: Minor > Fix For: 3.5.3, 3.6.0 > > Attachments: ZOOKEEPER-2521.patch > > > space should be truncated while reading password for keystore/truststore > which is required to configure while SSL enabled. > As of now if we configure the password with any heading/trailing space, the > zookeeper server will fail to start. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (ZOOKEEPER-2521) space should be truncated while reading password for keystore/truststore which is required to configure while SSL enabled
[ https://issues.apache.org/jira/browse/ZOOKEEPER-2521?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15505884#comment-15505884 ] Flavio Junqueira commented on ZOOKEEPER-2521: - Another thing: this issue does not affect the 3.4 branch? is it really only for the 3.5 and master? > space should be truncated while reading password for keystore/truststore > which is required to configure while SSL enabled > - > > Key: ZOOKEEPER-2521 > URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2521 > Project: ZooKeeper > Issue Type: Bug > Components: server >Affects Versions: 3.5.1 >Reporter: Rakesh Kumar Singh >Assignee: Edward Ribeiro >Priority: Minor > Fix For: 3.5.3, 3.6.0 > > Attachments: ZOOKEEPER-2521.patch > > > space should be truncated while reading password for keystore/truststore > which is required to configure while SSL enabled. > As of now if we configure the password with any heading/trailing space, the > zookeeper server will fail to start. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (ZOOKEEPER-2521) space should be truncated while reading password for keystore/truststore which is required to configure while SSL enabled
[ https://issues.apache.org/jira/browse/ZOOKEEPER-2521?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15505866#comment-15505866 ] Flavio Junqueira commented on ZOOKEEPER-2521: - I want to ask around to get a sense of whether trimming whitespaces is common in other systems. One comment about the patch is that the test is simply throwing an exception instead of failing explicitly. Say we have a regression and the verification of the password with additional spaces fails. The test failure will be due to an exception rather than an {{Assert.fail}}. I'd rather have us explicitly failing the test in the case we get an exception. > space should be truncated while reading password for keystore/truststore > which is required to configure while SSL enabled > - > > Key: ZOOKEEPER-2521 > URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2521 > Project: ZooKeeper > Issue Type: Bug > Components: server >Affects Versions: 3.5.1 >Reporter: Rakesh Kumar Singh >Assignee: Edward Ribeiro >Priority: Minor > Attachments: ZOOKEEPER-2521.patch > > > space should be truncated while reading password for keystore/truststore > which is required to configure while SSL enabled. > As of now if we configure the password with any heading/trailing space, the > zookeeper server will fail to start. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (ZOOKEEPER-2521) space should be truncated while reading password for keystore/truststore which is required to configure while SSL enabled
[ https://issues.apache.org/jira/browse/ZOOKEEPER-2521?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15505695#comment-15505695 ] Rakesh Kumar Singh commented on ZOOKEEPER-2521: --- Leading and trailing spaces could be trouble for people who are loose with copy and paste and ll be little difficult to figure out why authentication is failing. Otherwise ok with documenting. > space should be truncated while reading password for keystore/truststore > which is required to configure while SSL enabled > - > > Key: ZOOKEEPER-2521 > URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2521 > Project: ZooKeeper > Issue Type: Bug > Components: server >Affects Versions: 3.5.1 >Reporter: Rakesh Kumar Singh >Assignee: Edward Ribeiro >Priority: Minor > Attachments: ZOOKEEPER-2521.patch > > > space should be truncated while reading password for keystore/truststore > which is required to configure while SSL enabled. > As of now if we configure the password with any heading/trailing space, the > zookeeper server will fail to start. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (ZOOKEEPER-2521) space should be truncated while reading password for keystore/truststore which is required to configure while SSL enabled
[ https://issues.apache.org/jira/browse/ZOOKEEPER-2521?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15504559#comment-15504559 ] Edward Ribeiro commented on ZOOKEEPER-2521: --- Fair enough. That's ok to you, [~rakeshsingh]? > space should be truncated while reading password for keystore/truststore > which is required to configure while SSL enabled > - > > Key: ZOOKEEPER-2521 > URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2521 > Project: ZooKeeper > Issue Type: Bug > Components: server >Affects Versions: 3.5.1 >Reporter: Rakesh Kumar Singh >Assignee: Edward Ribeiro >Priority: Minor > Attachments: ZOOKEEPER-2521.patch > > > space should be truncated while reading password for keystore/truststore > which is required to configure while SSL enabled. > As of now if we configure the password with any heading/trailing space, the > zookeeper server will fail to start. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (ZOOKEEPER-2521) space should be truncated while reading password for keystore/truststore which is required to configure while SSL enabled
[ https://issues.apache.org/jira/browse/ZOOKEEPER-2521?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15504491#comment-15504491 ] Arshad Mohammad commented on ZOOKEEPER-2521: as [~abrahamfine] already said, It is quite possible that a password may start with white space or end with white space. Also, space truncating should be done in the cases where we are sure about the values like paths, true, false, integer values etc. I think in this case truncating the space is not required at all. > space should be truncated while reading password for keystore/truststore > which is required to configure while SSL enabled > - > > Key: ZOOKEEPER-2521 > URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2521 > Project: ZooKeeper > Issue Type: Bug > Components: server >Affects Versions: 3.5.1 >Reporter: Rakesh Kumar Singh >Assignee: Edward Ribeiro >Priority: Minor > Attachments: ZOOKEEPER-2521.patch > > > space should be truncated while reading password for keystore/truststore > which is required to configure while SSL enabled. > As of now if we configure the password with any heading/trailing space, the > zookeeper server will fail to start. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (ZOOKEEPER-2521) space should be truncated while reading password for keystore/truststore which is required to configure while SSL enabled
[ https://issues.apache.org/jira/browse/ZOOKEEPER-2521?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15503698#comment-15503698 ] Edward Ribeiro commented on ZOOKEEPER-2521: --- Yep, makes sense. Thanks for pointing out! Particularly, I think passwords with spaces at beginning/end can lead to the all sorts of headaches during maintenance and operation. Like the one that _probably_ motivated this issue. But I am fine about *_discarding_* this patch/issue. Would like to hear from the committers and users (/cc [~arshad.mohammad]). +1 about documenting this restriction if we apply this patch. > space should be truncated while reading password for keystore/truststore > which is required to configure while SSL enabled > - > > Key: ZOOKEEPER-2521 > URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2521 > Project: ZooKeeper > Issue Type: Bug > Components: server >Affects Versions: 3.5.1 >Reporter: Rakesh Kumar Singh >Assignee: Edward Ribeiro >Priority: Minor > Attachments: ZOOKEEPER-2521.patch > > > space should be truncated while reading password for keystore/truststore > which is required to configure while SSL enabled. > As of now if we configure the password with any heading/trailing space, the > zookeeper server will fail to start. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (ZOOKEEPER-2521) space should be truncated while reading password for keystore/truststore which is required to configure while SSL enabled
[ https://issues.apache.org/jira/browse/ZOOKEEPER-2521?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15494704#comment-15494704 ] Abraham Fine commented on ZOOKEEPER-2521: - Not sure if we should be doing this, since we are essentially restricting the keystores/truststores to those that have a password that does not end in a space (which as far as I can tell is possible). At least, I think this should be documented. > space should be truncated while reading password for keystore/truststore > which is required to configure while SSL enabled > - > > Key: ZOOKEEPER-2521 > URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2521 > Project: ZooKeeper > Issue Type: Bug > Components: server >Affects Versions: 3.5.1 >Reporter: Rakesh Kumar Singh >Assignee: Edward Ribeiro >Priority: Minor > Attachments: ZOOKEEPER-2521.patch > > > space should be truncated while reading password for keystore/truststore > which is required to configure while SSL enabled. > As of now if we configure the password with any heading/trailing space, the > zookeeper server will fail to start. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (ZOOKEEPER-2521) space should be truncated while reading password for keystore/truststore which is required to configure while SSL enabled
[ https://issues.apache.org/jira/browse/ZOOKEEPER-2521?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15478737#comment-15478737 ] Hadoop QA commented on ZOOKEEPER-2521: -- +1 overall. Here are the results of testing the latest attachment http://issues.apache.org/jira/secure/attachment/12827859/ZOOKEEPER-2521.patch against trunk revision 1759917. +1 @author. The patch does not contain any @author tags. +1 tests included. The patch appears to include 3 new or modified tests. +1 javadoc. The javadoc tool did not generate any warning messages. +1 javac. The applied patch does not increase the total number of javac compiler warnings. +1 findbugs. The patch does not introduce any new Findbugs (version 2.0.3) warnings. +1 release audit. The applied patch does not increase the total number of release audit warnings. +1 core tests. The patch passed core unit tests. +1 contrib tests. The patch passed contrib unit tests. Test results: https://builds.apache.org/job/PreCommit-ZOOKEEPER-Build/3407//testReport/ Findbugs warnings: https://builds.apache.org/job/PreCommit-ZOOKEEPER-Build/3407//artifact/trunk/build/test/findbugs/newPatchFindbugsWarnings.html Console output: https://builds.apache.org/job/PreCommit-ZOOKEEPER-Build/3407//console This message is automatically generated. > space should be truncated while reading password for keystore/truststore > which is required to configure while SSL enabled > - > > Key: ZOOKEEPER-2521 > URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2521 > Project: ZooKeeper > Issue Type: Bug > Components: server >Affects Versions: 3.5.1 >Reporter: Rakesh Kumar Singh >Assignee: Edward Ribeiro >Priority: Minor > Attachments: ZOOKEEPER-2521.patch > > > space should be truncated while reading password for keystore/truststore > which is required to configure while SSL enabled. > As of now if we configure the password with any heading/trailing space, the > zookeeper server will fail to start. -- This message was sent by Atlassian JIRA (v6.3.4#6332)