Posted to commits@zookeeper.apache.org by an...@apache.org on 2019/01/02 12:41:20 UTC

[zookeeper] branch master updated: ZOOKEEPER-3228: [TLS] Fix key usage extension in test certs

This is an automated email from the ASF dual-hosted git repository.

andor pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/zookeeper.git


The following commit(s) were added to refs/heads/master by this push:
     new 2a3800f  ZOOKEEPER-3228: [TLS] Fix key usage extension in test certs
2a3800f is described below

commit 2a3800f00f4c14dde97c42a54806ba3485f27183
Author: Ilya Maykov <il...@fb.com>
AuthorDate: Wed Jan 2 13:41:06 2019 +0100

    ZOOKEEPER-3228: [TLS] Fix key usage extension in test certs
    
    Key usage extension is wrong in test certs created by X509TestHelpers. This works with Java SSL stack because it allows sloppy certs, but breaks with Netty's OpenSSL stack. My Netty OpenSSL code is not ready for upstream yet, but fixing the test cert extensions is a prerequisite and can go in separately.
    
    Author: Ilya Maykov <il...@fb.com>
    
    Reviewers: fangmin@apache.org, andor@apache.org
    
    Closes #743 from ivmaykov/ZOOKEEPER-3228
---
 .../src/test/java/org/apache/zookeeper/common/X509TestHelpers.java      | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/zookeeper-server/src/test/java/org/apache/zookeeper/common/X509TestHelpers.java b/zookeeper-server/src/test/java/org/apache/zookeeper/common/X509TestHelpers.java
index 59b7634..2ca250d 100644
--- a/zookeeper-server/src/test/java/org/apache/zookeeper/common/X509TestHelpers.java
+++ b/zookeeper-server/src/test/java/org/apache/zookeeper/common/X509TestHelpers.java
@@ -152,7 +152,7 @@ public class X509TestHelpers {
                 certPublicKey);
         builder.addExtension(Extension.basicConstraints, true, new BasicConstraints(false)); // not a CA
         builder.addExtension(
-                Extension.keyUsage, true, new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyAgreement));
+                Extension.keyUsage, true, new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyEncipherment));
         builder.addExtension(
                 Extension.extendedKeyUsage,
                 true,
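Review bot: On the changed `Extension.keyUsage` line, `keyAgreement` is swapped for `keyEncipherment` with no comment saying why these two bits were chosen, and the right choice depends on the key type of `certPublicKey`, which this hunk does not show. `keyEncipherment` is the bit for RSA key transport; if this helper can also be handed an EC public key, that bit does not describe how the key is used, and a strict TLS stack may reject the cert much as the commit message describes for the old value. Suggest a short comment next to the `KeyUsage` constructor stating which key types and cipher suites the bits are meant to cover, and, if EC keys are supported, selecting the bits per key type instead of hard-coding one combination.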