You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@logging.apache.org by "Wolff Bock von Wuelfingen (Jira)" <ji...@apache.org> on 2022/08/19 12:59:00 UTC

[jira] [Commented] (LOG4J2-3578) TlsSyslogAppenderTest fails because of expired certificate

    [ https://issues.apache.org/jira/browse/LOG4J2-3578?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17581846#comment-17581846 ] 

Wolff Bock von Wuelfingen commented on LOG4J2-3578:
---------------------------------------------------

Reproduced the same on a newish Ubuntu VM.

>  TlsSyslogAppenderTest fails because of expired certificate
> -----------------------------------------------------------
>
>                 Key: LOG4J2-3578
>                 URL: https://issues.apache.org/jira/browse/LOG4J2-3578
>             Project: Log4j 2
>          Issue Type: Bug
>          Components: Tests
>    Affects Versions: 2.18.0
>            Reporter: Wolff Bock von Wuelfingen
>            Priority: Major
>
> Running the Test by itself reveals the following cause for {{sendLargeLegacyBsdMessageOverTls(), }}{{sendLegacyBsdMessagesOverTls(), }}{{sendStructuredMessageOverTls(), }}{{sendStructuredMessagesOverTls()}}  failing:
> {code:java}
> Caused by: java.security.cert.CertPathValidatorException: validity check failed
>     at sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:135)
>     at sun.security.provider.certpath.PKIXCertPathValidator.validate(PKIXCertPathValidator.java:220)
>     at sun.security.provider.certpath.PKIXCertPathValidator.validate(PKIXCertPathValidator.java:140)
>     at sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(PKIXCertPathValidator.java:79)
>     at java.security.cert.CertPathValidator.validate(CertPathValidator.java:292)
>     at sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:381)
>     ... 75 more
> Caused by: java.security.cert.CertificateExpiredException: NotAfter: Fri Aug 05 17:00:53 CEST 2022
>     at sun.security.x509.CertificateValidity.valid(CertificateValidity.java:277)
>     at sun.security.x509.X509CertImpl.checkValidity(X509CertImpl.java:677)
>     at sun.security.provider.certpath.BasicChecker.verifyValidity(BasicChecker.java:190)
>     at sun.security.provider.certpath.BasicChecker.check(BasicChecker.java:144)
>     at sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:125)
>     ... 80 more {code}
> Looking at the certificate confirms this:
>  
> {code:java}
>   Validity: [From: Wed Aug 07 17:00:53 CEST 2013,
>                To: Fri Aug 05 17:00:53 CEST 2022] {code}
> By overriding the checked Date inside at sun.security.x509.X509CertImpl.checkValidity(X509CertImpl.java:677) with the debugger i can make all tests pass under Windows.
> I think the certificate at fault is one of those in resources/org/apache/logging/log4j/core/net/ssl
> I'm unfortunately not versed enough to make a new certificate with a new expiration date.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)