[jira] [Updated] (HADOOP-17699) Remove hardcoded SunX509 usage from SSLFactory
[ https://issues.apache.org/jira/browse/HADOOP-17699?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Shilun Fan updated HADOOP-17699: Component/s: common > Remove hardcoded SunX509 usage from SSLFactory > -- > > Key: HADOOP-17699 > URL: https://issues.apache.org/jira/browse/HADOOP-17699 > Project: Hadoop Common > Issue Type: Bug > Components: common >Affects Versions: 3.4.0 >Reporter: Xiaoyu Yao >Assignee: Xiaoyu Yao >Priority: Major > Labels: pull-request-available > Fix For: 3.4.0 > > Time Spent: 1h 50m > Remaining Estimate: 0h > > In SSLFactory.SSLCERTIFICATE, used by FileBasedKeyStoresFactory and > ReloadingX509TrustManager, there is a hardcoded reference to "SunX509" which > is used to get a KeyManager/TrustManager. This KeyManager type might not be > available if using the other JSSE providers, e.g., in FIPS deployment. > > {code:java} > WARN org.apache.hadoop.hdfs.web.URLConnectionFactory: Cannot load customized > ssl related configuration. Fall > back to system-generic settings. > java.security.NoSuchAlgorithmException: SunX509 KeyManagerFactory not > available > at sun.security.jca.GetInstance.getInstance(GetInstance.java:159) > at javax.net.ssl.KeyManagerFactory.getInstance(KeyManagerFactory.java:137) > at > org.apache.hadoop.security.ssl.FileBasedKeyStoresFactory.init(FileBasedKeyStoresFactory.java:186) > at org.apache.hadoop.security.ssl.SSLFactory.init(SSLFactory.java:187) > at > org.apache.hadoop.hdfs.web.SSLConnectionConfigurator.(SSLConnectionConfigurator.java:50) > at > org.apache.hadoop.hdfs.web.URLConnectionFactory.getSSLConnectionConfiguration(URLConnectionFactory.java:100) > at > org.apache.hadoop.hdfs.web.URLConnectionFactory.newDefaultURLConnectionFactory(URLConnectionFactory.java:79) > {code} > This ticket is opened to use the DefaultAlgorithm defined by Java system > property: > ssl.KeyManagerFactory.algorithm and ssl.TrustManagerFactory.algorithm. > -- This message was sent by Atlassian Jira (v8.20.10#820010) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Updated] (HADOOP-17699) Remove hardcoded SunX509 usage from SSLFactory
[ https://issues.apache.org/jira/browse/HADOOP-17699?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Shilun Fan updated HADOOP-17699: Affects Version/s: 3.4.0 > Remove hardcoded SunX509 usage from SSLFactory > -- > > Key: HADOOP-17699 > URL: https://issues.apache.org/jira/browse/HADOOP-17699 > Project: Hadoop Common > Issue Type: Bug >Affects Versions: 3.4.0 >Reporter: Xiaoyu Yao >Assignee: Xiaoyu Yao >Priority: Major > Labels: pull-request-available > Fix For: 3.4.0 > > Time Spent: 1h 50m > Remaining Estimate: 0h > > In SSLFactory.SSLCERTIFICATE, used by FileBasedKeyStoresFactory and > ReloadingX509TrustManager, there is a hardcoded reference to "SunX509" which > is used to get a KeyManager/TrustManager. This KeyManager type might not be > available if using the other JSSE providers, e.g., in FIPS deployment. > > {code:java} > WARN org.apache.hadoop.hdfs.web.URLConnectionFactory: Cannot load customized > ssl related configuration. Fall > back to system-generic settings. > java.security.NoSuchAlgorithmException: SunX509 KeyManagerFactory not > available > at sun.security.jca.GetInstance.getInstance(GetInstance.java:159) > at javax.net.ssl.KeyManagerFactory.getInstance(KeyManagerFactory.java:137) > at > org.apache.hadoop.security.ssl.FileBasedKeyStoresFactory.init(FileBasedKeyStoresFactory.java:186) > at org.apache.hadoop.security.ssl.SSLFactory.init(SSLFactory.java:187) > at > org.apache.hadoop.hdfs.web.SSLConnectionConfigurator.(SSLConnectionConfigurator.java:50) > at > org.apache.hadoop.hdfs.web.URLConnectionFactory.getSSLConnectionConfiguration(URLConnectionFactory.java:100) > at > org.apache.hadoop.hdfs.web.URLConnectionFactory.newDefaultURLConnectionFactory(URLConnectionFactory.java:79) > {code} > This ticket is opened to use the DefaultAlgorithm defined by Java system > property: > ssl.KeyManagerFactory.algorithm and ssl.TrustManagerFactory.algorithm. > -- This message was sent by Atlassian Jira (v8.20.10#820010) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Updated] (HADOOP-17699) Remove hardcoded SunX509 usage from SSLFactory
[ https://issues.apache.org/jira/browse/HADOOP-17699?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Shilun Fan updated HADOOP-17699: Target Version/s: 3.3.2, 3.4.0 (was: 3.3.2) > Remove hardcoded SunX509 usage from SSLFactory > -- > > Key: HADOOP-17699 > URL: https://issues.apache.org/jira/browse/HADOOP-17699 > Project: Hadoop Common > Issue Type: Bug >Reporter: Xiaoyu Yao >Assignee: Xiaoyu Yao >Priority: Major > Labels: pull-request-available > Fix For: 3.4.0 > > Time Spent: 1h 50m > Remaining Estimate: 0h > > In SSLFactory.SSLCERTIFICATE, used by FileBasedKeyStoresFactory and > ReloadingX509TrustManager, there is a hardcoded reference to "SunX509" which > is used to get a KeyManager/TrustManager. This KeyManager type might not be > available if using the other JSSE providers, e.g., in FIPS deployment. > > {code:java} > WARN org.apache.hadoop.hdfs.web.URLConnectionFactory: Cannot load customized > ssl related configuration. Fall > back to system-generic settings. > java.security.NoSuchAlgorithmException: SunX509 KeyManagerFactory not > available > at sun.security.jca.GetInstance.getInstance(GetInstance.java:159) > at javax.net.ssl.KeyManagerFactory.getInstance(KeyManagerFactory.java:137) > at > org.apache.hadoop.security.ssl.FileBasedKeyStoresFactory.init(FileBasedKeyStoresFactory.java:186) > at org.apache.hadoop.security.ssl.SSLFactory.init(SSLFactory.java:187) > at > org.apache.hadoop.hdfs.web.SSLConnectionConfigurator.(SSLConnectionConfigurator.java:50) > at > org.apache.hadoop.hdfs.web.URLConnectionFactory.getSSLConnectionConfiguration(URLConnectionFactory.java:100) > at > org.apache.hadoop.hdfs.web.URLConnectionFactory.newDefaultURLConnectionFactory(URLConnectionFactory.java:79) > {code} > This ticket is opened to use the DefaultAlgorithm defined by Java system > property: > ssl.KeyManagerFactory.algorithm and ssl.TrustManagerFactory.algorithm. > -- This message was sent by Atlassian Jira (v8.20.10#820010) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Updated] (HADOOP-17699) Remove hardcoded SunX509 usage from SSLFactory
[ https://issues.apache.org/jira/browse/HADOOP-17699?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Wei-Chiu Chuang updated HADOOP-17699: - Target Version/s: 3.3.2 > Remove hardcoded SunX509 usage from SSLFactory > -- > > Key: HADOOP-17699 > URL: https://issues.apache.org/jira/browse/HADOOP-17699 > Project: Hadoop Common > Issue Type: Bug >Reporter: Xiaoyu Yao >Assignee: Xiaoyu Yao >Priority: Major > Labels: pull-request-available > Fix For: 3.4.0 > > Time Spent: 1h 50m > Remaining Estimate: 0h > > In SSLFactory.SSLCERTIFICATE, used by FileBasedKeyStoresFactory and > ReloadingX509TrustManager, there is a hardcoded reference to "SunX509" which > is used to get a KeyManager/TrustManager. This KeyManager type might not be > available if using the other JSSE providers, e.g., in FIPS deployment. > > {code:java} > WARN org.apache.hadoop.hdfs.web.URLConnectionFactory: Cannot load customized > ssl related configuration. Fall > back to system-generic settings. > java.security.NoSuchAlgorithmException: SunX509 KeyManagerFactory not > available > at sun.security.jca.GetInstance.getInstance(GetInstance.java:159) > at javax.net.ssl.KeyManagerFactory.getInstance(KeyManagerFactory.java:137) > at > org.apache.hadoop.security.ssl.FileBasedKeyStoresFactory.init(FileBasedKeyStoresFactory.java:186) > at org.apache.hadoop.security.ssl.SSLFactory.init(SSLFactory.java:187) > at > org.apache.hadoop.hdfs.web.SSLConnectionConfigurator.(SSLConnectionConfigurator.java:50) > at > org.apache.hadoop.hdfs.web.URLConnectionFactory.getSSLConnectionConfiguration(URLConnectionFactory.java:100) > at > org.apache.hadoop.hdfs.web.URLConnectionFactory.newDefaultURLConnectionFactory(URLConnectionFactory.java:79) > {code} > This ticket is opened to use the DefaultAlgorithm defined by Java system > property: > ssl.KeyManagerFactory.algorithm and ssl.TrustManagerFactory.algorithm. > -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Updated] (HADOOP-17699) Remove hardcoded SunX509 usage from SSLFactory
[ https://issues.apache.org/jira/browse/HADOOP-17699?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Xiaoyu Yao updated HADOOP-17699: Summary: Remove hardcoded SunX509 usage from SSLFactory (was: Remove hardcoded "SunX509" usage from SSLFactory) > Remove hardcoded SunX509 usage from SSLFactory > -- > > Key: HADOOP-17699 > URL: https://issues.apache.org/jira/browse/HADOOP-17699 > Project: Hadoop Common > Issue Type: Bug >Reporter: Xiaoyu Yao >Assignee: Xiaoyu Yao >Priority: Major > Labels: pull-request-available > Time Spent: 10m > Remaining Estimate: 0h > > In SSLFactory.SSLCERTIFICATE, used by FileBasedKeyStoresFactory and > ReloadingX509TrustManager, there is a hardcoded reference to "SunX509" which > is used to get a KeyManager/TrustManager. This KeyManager type might not be > available if using the other JSSE providers, e.g., in FIPS deployment. > > {code:java} > WARN org.apache.hadoop.hdfs.web.URLConnectionFactory: Cannot load customized > ssl related configuration. Fall > back to system-generic settings. > java.security.NoSuchAlgorithmException: SunX509 KeyManagerFactory not > available > at sun.security.jca.GetInstance.getInstance(GetInstance.java:159) > at javax.net.ssl.KeyManagerFactory.getInstance(KeyManagerFactory.java:137) > at > org.apache.hadoop.security.ssl.FileBasedKeyStoresFactory.init(FileBasedKeyStoresFactory.java:186) > at org.apache.hadoop.security.ssl.SSLFactory.init(SSLFactory.java:187) > at > org.apache.hadoop.hdfs.web.SSLConnectionConfigurator.(SSLConnectionConfigurator.java:50) > at > org.apache.hadoop.hdfs.web.URLConnectionFactory.getSSLConnectionConfiguration(URLConnectionFactory.java:100) > at > org.apache.hadoop.hdfs.web.URLConnectionFactory.newDefaultURLConnectionFactory(URLConnectionFactory.java:79) > {code} > This ticket is opened to use the DefaultAlgorithm defined by Java system > property: > ssl.KeyManagerFactory.algorithm and ssl.TrustManagerFactory.algorithm. > -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Updated] (HADOOP-17699) Remove hardcoded "SunX509" usage from SSLFactory
[ https://issues.apache.org/jira/browse/HADOOP-17699?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] ASF GitHub Bot updated HADOOP-17699: Labels: pull-request-available (was: ) > Remove hardcoded "SunX509" usage from SSLFactory > > > Key: HADOOP-17699 > URL: https://issues.apache.org/jira/browse/HADOOP-17699 > Project: Hadoop Common > Issue Type: Bug >Reporter: Xiaoyu Yao >Assignee: Xiaoyu Yao >Priority: Major > Labels: pull-request-available > Time Spent: 10m > Remaining Estimate: 0h > > In SSLFactory.SSLCERTIFICATE, used by FileBasedKeyStoresFactory and > ReloadingX509TrustManager, there is a hardcoded reference to "SunX509" which > is used to get a KeyManager/TrustManager. This KeyManager type might not be > available if using the other JSSE providers, e.g., in FIPS deployment. > > {code:java} > WARN org.apache.hadoop.hdfs.web.URLConnectionFactory: Cannot load customized > ssl related configuration. Fall > back to system-generic settings. > java.security.NoSuchAlgorithmException: SunX509 KeyManagerFactory not > available > at sun.security.jca.GetInstance.getInstance(GetInstance.java:159) > at javax.net.ssl.KeyManagerFactory.getInstance(KeyManagerFactory.java:137) > at > org.apache.hadoop.security.ssl.FileBasedKeyStoresFactory.init(FileBasedKeyStoresFactory.java:186) > at org.apache.hadoop.security.ssl.SSLFactory.init(SSLFactory.java:187) > at > org.apache.hadoop.hdfs.web.SSLConnectionConfigurator.(SSLConnectionConfigurator.java:50) > at > org.apache.hadoop.hdfs.web.URLConnectionFactory.getSSLConnectionConfiguration(URLConnectionFactory.java:100) > at > org.apache.hadoop.hdfs.web.URLConnectionFactory.newDefaultURLConnectionFactory(URLConnectionFactory.java:79) > {code} > This ticket is opened to use the DefaultAlgorithm defined by Java system > property: > ssl.KeyManagerFactory.algorithm and ssl.TrustManagerFactory.algorithm. > -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org