You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@calcite.apache.org by "Kevin Risden (JIRA)" <ji...@apache.org> on 2018/09/17 17:30:00 UTC

[jira] [Created] (CALCITE-2568) Avatica - IBM - Fix TLS/SSL test - o.a.c.a.SslDriverTest

Kevin Risden created CALCITE-2568:
-------------------------------------

             Summary: Avatica - IBM - Fix TLS/SSL test - o.a.c.a.SslDriverTest
                 Key: CALCITE-2568
                 URL: https://issues.apache.org/jira/browse/CALCITE-2568
             Project: Calcite
          Issue Type: Improvement
          Components: avatica
            Reporter: Kevin Risden
            Assignee: Kevin Risden


IBM JDK fails for o.a.c.a.SslDriverTest after update to Jetty 9.4.
{code:java}
ERROR] testReadWrite[0](org.apache.calcite.avatica.SslDriverTest)  Time elapsed: 0.082 s  <<< ERROR!
java.lang.RuntimeException: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
	at org.apache.calcite.avatica.SslDriverTest.testReadWrite(SslDriverTest.java:137)
Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
	at org.apache.calcite.avatica.SslDriverTest.testReadWrite(SslDriverTest.java:137)

[ERROR] testReadWrite[1](org.apache.calcite.avatica.SslDriverTest)  Time elapsed: 0.037 s  <<< ERROR!
java.lang.RuntimeException: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
	at org.apache.calcite.avatica.SslDriverTest.testReadWrite(SslDriverTest.java:137)
Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
	at org.apache.calcite.avatica.SslDriverTest.testReadWrite(SslDriverTest.java:137)
{code}
This seems to be a difference between IBM JDK and Oracle/OpenJDK related to SSL_ vs TLS_ prefixes for ciphers. The fix for this is to force IBM JDK to honor the Oracle/OpenJDK prefixes.
 * [https://www.ibm.com/developerworks/community/forums/html/topic?id=d34413d1-fc6d-4ea1-9e7b-4e331b591aa9&ps=50]
 * [https://www.ibm.com/support/knowledgecenter/en/SSYKE2_8.0.0/com.ibm.java.security.component.80.doc/security-component/jsse2Docs/matchsslcontext_tls.html]

The Java property to add is:
{code:java}
-Dcom.ibm.jsse2.overrideDefaultTLS=true{code}
Oracle/OpenJDK ignores the Java property so we can add the property to .travis.yml to get the tests to pass.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)