You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@ozone.apache.org by "Vivek Ratnavel Subramanian (Jira)" <ji...@apache.org> on 2020/10/13 20:59:00 UTC

[jira] [Updated] (HDDS-4301) SCM CA certificate does not encode KeyUsage extension properly

     [ https://issues.apache.org/jira/browse/HDDS-4301?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Vivek Ratnavel Subramanian updated HDDS-4301:
---------------------------------------------
    Summary: SCM CA certificate does not encode KeyUsage extension properly  (was: SCM CA certificate does not encode KeyUsage extension propertly)

> SCM CA certificate does not encode KeyUsage extension properly
> --------------------------------------------------------------
>
>                 Key: HDDS-4301
>                 URL: https://issues.apache.org/jira/browse/HDDS-4301
>             Project: Hadoop Distributed Data Store
>          Issue Type: Improvement
>          Components: Security
>    Affects Versions: 1.0.0
>            Reporter: Xiaoyu Yao
>            Assignee: Xiaoyu Yao
>            Priority: Major
>              Labels: pull-request-available
>
> This could be problematic with strict security provider such as FIPS. The default non-FIPS provider such as SunJCE and BC provider work fine though. This ticket is opened to fix it. 
> {code:java}
> 2020-09-30 12:01:52,962 ERROR org.apache.hadoop.hdds.security.x509.certificate.authority.DefaultCAServer: Unable to initialize CertificateServer.
> org.apache.hadoop.hdds.security.exception.SCMSecurityException: java.security.cert.CertificateParsingException: cannot construct KeyUsage: java.lang.IllegalArgumentException: illegal object in getInstance: com.safelogic.cryptocomply.asn1.DEROctetString
>         at org.apache.hadoop.hdds.security.x509.certificate.utils.CertificateCodec.getPEMEncodedString(CertificateCodec.java:105)
>         at org.apache.hadoop.hdds.security.x509.certificate.utils.CertificateCodec.writeCertificate(CertificateCodec.java:182)
>         at org.apache.hadoop.hdds.security.x509.certificate.authority.DefaultCAServer.generateRootCertificate(DefaultCAServer.java:495)
>         at org.apache.hadoop.hdds.security.x509.certificate.authority.DefaultCAServer.generateSelfSignedCA(DefaultCAServer.java:303)
>   
> {code}



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: ozone-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: ozone-issues-help@hadoop.apache.org