You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@ozone.apache.org by "Vivek Ratnavel Subramanian (Jira)" <ji...@apache.org> on 2020/10/13 20:59:00 UTC
[jira] [Updated] (HDDS-4301) SCM CA certificate does not encode
KeyUsage extension properly
[ https://issues.apache.org/jira/browse/HDDS-4301?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Vivek Ratnavel Subramanian updated HDDS-4301:
---------------------------------------------
Summary: SCM CA certificate does not encode KeyUsage extension properly (was: SCM CA certificate does not encode KeyUsage extension propertly)
> SCM CA certificate does not encode KeyUsage extension properly
> --------------------------------------------------------------
>
> Key: HDDS-4301
> URL: https://issues.apache.org/jira/browse/HDDS-4301
> Project: Hadoop Distributed Data Store
> Issue Type: Improvement
> Components: Security
> Affects Versions: 1.0.0
> Reporter: Xiaoyu Yao
> Assignee: Xiaoyu Yao
> Priority: Major
> Labels: pull-request-available
>
> This could be problematic with strict security provider such as FIPS. The default non-FIPS provider such as SunJCE and BC provider work fine though. This ticket is opened to fix it.
> {code:java}
> 2020-09-30 12:01:52,962 ERROR org.apache.hadoop.hdds.security.x509.certificate.authority.DefaultCAServer: Unable to initialize CertificateServer.
> org.apache.hadoop.hdds.security.exception.SCMSecurityException: java.security.cert.CertificateParsingException: cannot construct KeyUsage: java.lang.IllegalArgumentException: illegal object in getInstance: com.safelogic.cryptocomply.asn1.DEROctetString
> at org.apache.hadoop.hdds.security.x509.certificate.utils.CertificateCodec.getPEMEncodedString(CertificateCodec.java:105)
> at org.apache.hadoop.hdds.security.x509.certificate.utils.CertificateCodec.writeCertificate(CertificateCodec.java:182)
> at org.apache.hadoop.hdds.security.x509.certificate.authority.DefaultCAServer.generateRootCertificate(DefaultCAServer.java:495)
> at org.apache.hadoop.hdds.security.x509.certificate.authority.DefaultCAServer.generateSelfSignedCA(DefaultCAServer.java:303)
>
> {code}
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: ozone-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: ozone-issues-help@hadoop.apache.org