You are viewing a plain text version of this content. The canonical link for it is here.
Posted to common-dev@hadoop.apache.org by "Xiaoyu Yao (Jira)" <ji...@apache.org> on 2021/05/15 00:06:00 UTC
[jira] [Created] (HADOOP-17699) Remove hardcoded "SunX509" usage
from SSLFactory
Xiaoyu Yao created HADOOP-17699:
-----------------------------------
Summary: Remove hardcoded "SunX509" usage from SSLFactory
Key: HADOOP-17699
URL: https://issues.apache.org/jira/browse/HADOOP-17699
Project: Hadoop Common
Issue Type: Bug
Reporter: Xiaoyu Yao
Assignee: Xiaoyu Yao
In SSLFactory.SSLCERTIFICATE, used by FileBasedKeyStoresFactory and ReloadingX509TrustManager, there is a hardcoded reference to "SunX509" which is used to get a KeyManager/TrustManager. This KeyManager type might not be available if using the other JSSE providers, e.g., in FIPS deployment.
{code:java}
WARN org.apache.hadoop.hdfs.web.URLConnectionFactory: Cannot load customized ssl related configuration. Fall
back to system-generic settings.
java.security.NoSuchAlgorithmException: SunX509 KeyManagerFactory not available
at sun.security.jca.GetInstance.getInstance(GetInstance.java:159)
at javax.net.ssl.KeyManagerFactory.getInstance(KeyManagerFactory.java:137)
at org.apache.hadoop.security.ssl.FileBasedKeyStoresFactory.init(FileBasedKeyStoresFactory.java:186)
at org.apache.hadoop.security.ssl.SSLFactory.init(SSLFactory.java:187)
at org.apache.hadoop.hdfs.web.SSLConnectionConfigurator.<init>(SSLConnectionConfigurator.java:50)
at org.apache.hadoop.hdfs.web.URLConnectionFactory.getSSLConnectionConfiguration(URLConnectionFactory.java:100)
at org.apache.hadoop.hdfs.web.URLConnectionFactory.newDefaultURLConnectionFactory(URLConnectionFactory.java:79)
{code}
This ticket is opened to use the DefaultAlgorithm defined by Java system property:
ssl.KeyManagerFactory.algorithm and ssl.TrustManagerFactory.algorithm.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: common-dev-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-dev-help@hadoop.apache.org