You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@brooklyn.apache.org by GitBox <gi...@apache.org> on 2020/04/20 12:29:58 UTC
[GitHub] [brooklyn-server] aledsage opened a new pull request #1092: [WIP] Bump bouncycastle: 1.51 to 1.61
aledsage opened a new pull request #1092:
URL: https://github.com/apache/brooklyn-server/pull/1092
This pull request builds on and extends https://github.com/apache/brooklyn-server/pull/1039.
The original branch for that PR was deleted. The git fu to get a branch with these commits was:
```
git fetch upstream pull/1039/head:bump-bouncycastle
git checkout bump-bouncycastle
git pull --rebase
````
---
The build still has the following unit test failures:
```
Tests run: 2366, Failures: 1, Errors: 0, Skipped: 0, Time elapsed: 105.431 sec <<< FAILURE! - in TestSuite
testInjectCertificateAuthority(org.apache.brooklyn.util.core.crypto.SecureKeysAndSignerTest) Time elapsed: 0.181 sec <<< FAILURE!
java.lang.AssertionError: expected [true] but found [false]
at org.apache.brooklyn.util.core.crypto.SecureKeysAndSignerTest.testInjectCertificateAuthority(SecureKeysAndSignerTest.java:89)
```
As per @kemitix's comment (https://github.com/apache/brooklyn-server/pull/1039#issuecomment-462750504), bumping to sshj 0.27 fixed it - but then he rolled it back to 0.22 because:
```
This avoids an issue where sshj, >= v0.23.0, is broken in OSGi
environments, as it uses a class in a private package in a child
dependency, eddsa. In v0.23.0, sshj upgrdes to use 0.2.0 of eddsa
where this package is made private.
```
This still needs further investigation and fixed.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [brooklyn-server] aledsage commented on issue #1092: [WIP] Bump bouncycastle: 1.51 to 1.61
Posted by GitBox <gi...@apache.org>.
aledsage commented on issue #1092:
URL: https://github.com/apache/brooklyn-server/pull/1092#issuecomment-616541011
This test also fails (likely the same reason):
```
testAllGoodSignatures(org.apache.brooklyn.util.jmx.jmxmp.JmxmpAgentSslTest) Time elapsed: 0.191 sec <<< FAILURE!
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: sun.security.validator.ValidatorException: TrustAnchor with subject "C=None, L=None, O=None, OU=None, CN=ca-root" is not a CA certificate
at org.apache.brooklyn.util.jmx.jmxmp.JmxmpAgentSslTest.testAllGoodSignatures(JmxmpAgentSslTest.java:184)
Caused by: sun.security.validator.ValidatorException: PKIX path validation failed: sun.security.validator.ValidatorException: TrustAnchor with subject "C=None, L=None, O=None, OU=None, CN=ca-root" is not a CA certificate
at org.apache.brooklyn.util.jmx.jmxmp.JmxmpAgentSslTest.testAllGoodSignatures(JmxmpAgentSslTest.java:184)
Caused by: sun.security.validator.ValidatorException: TrustAnchor with subject "C=None, L=None, O=None, OU=None, CN=ca-root" is not a CA certificate
at org.apache.brooklyn.util.jmx.jmxmp.JmxmpAgentSslTest.testAllGoodSignatures(JmxmpAgentSslTest.java:184)
```
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [brooklyn-server] aledsage commented on issue #1092: [WIP] Bump bouncycastle: 1.51 to 1.61
Posted by GitBox <gi...@apache.org>.
aledsage commented on issue #1092:
URL: https://github.com/apache/brooklyn-server/pull/1092#issuecomment-617278920
Added a commit that fixes it for me locally.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [brooklyn-server] aledsage commented on issue #1092: [WIP] Bump bouncycastle: 1.51 to 1.61
Posted by GitBox <gi...@apache.org>.
aledsage commented on issue #1092:
URL: https://github.com/apache/brooklyn-server/pull/1092#issuecomment-617285410
I now wonder if the test failures are not caused by the BouncyCastle upgrade, but by me switching to a different mac laptop that caused the certificate checks to be stricter!
However, in This pull request #1039 we saw the test failure as well.
I think these are good changes to include though.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [brooklyn-server] aledsage commented on issue #1092: [WIP] Bump bouncycastle: 1.51 to 1.61
Posted by GitBox <gi...@apache.org>.
aledsage commented on issue #1092:
URL: https://github.com/apache/brooklyn-server/pull/1092#issuecomment-617278690
This also failed for the same reason:
```
Failed tests:
JmxmpAgentSslTest.testAllGoodSignatures:184 ยป SSLHandshake sun.security.valida...
```
But why did the pull request build say they passed, when it failed for me locally?!
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org