You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@qpid.apache.org by Apache Jenkins Server <je...@builds.apache.org> on 2013/03/18 13:19:04 UTC
Jenkins build became unstable: Qpid-proton-j » tests #293
See <https://builds.apache.org/job/Qpid-proton-j/org.apache.qpid$tests/293/>
Jenkins build is back to stable : Qpid-proton-j » tests #297
Posted by Apache Jenkins Server <je...@builds.apache.org>.
See <https://builds.apache.org/job/Qpid-proton-j/org.apache.qpid$tests/297/changes>
Jenkins build is still unstable: Qpid-proton-j » tests #296
Posted by Apache Jenkins Server <je...@builds.apache.org>.
See <https://builds.apache.org/job/Qpid-proton-j/org.apache.qpid$tests/296/>
Re: Help needed [Fwd: Jenkins build is still unstable: Qpid-proton-j » tests #295]
Posted by Ken Giusti <kg...@redhat.com>.
Thanks Keith! Jenkins is back to stable.
Hopefully that's it for the next 300 years.... :)
----- Original Message -----
> From: "Keith W" <ke...@gmail.com>
> To: proton@qpid.apache.org
> Sent: Wednesday, March 20, 2013 12:01:26 PM
> Subject: Re: Help needed [Fwd: Jenkins build is still unstable: Qpid-proton-j » tests #295]
>
> Resolved by rev. 1458901
>
> On 20 March 2013 13:24, Ken Giusti <kg...@redhat.com> wrote:
> >
> > This failure is due to my updates to the SSL certificates and keys
> > used by the SSL unit tests.
> >
> > Specifically:
> >
> > IllegalStateException: java.lang.IllegalStateException: Unable to
> > read PEM object from file
> > /home/jenkins/jenkins-slave/workspace/Qpid-proton-j/trunk/tests/target/classes/proton_tests/ssl_db/server-private-key.pem
> > proton_tests.ssl.SslTest.test_client_server_authentication
> > ..............Mar 20, 2013 1:48:59 AM
> > org.apache.qpid.proton.engine.impl.ssl.SslEngineFacadeFactory
> > readPemObject
> > SEVERE: Unable to read PEM object. Perhaps you need the unlimited
> > strength libraries in <java-home>/jre/lib/security/ ?
> > org.bouncycastle.openssl.PEMException: problem parsing ENCRYPTED
> > PRIVATE KEY: java.security.InvalidKeyException: Illegal key size
> >
> >
> > I've hit this problem before, and have yet to be able to solve it
> > (on my machine, at least).
> >
> > The problem is due to the export restrictions on encryption. I
> > suspect the default java configuration for some machines -
> > certainly OSX - does not allow for exportable key lengths. On
> > such systems, the proton SSL test will fail as the environment
> > cannot handle the key lengths used in the checked in certificates.
> >
> > So why not check in certificates with short keys? That'll fix the
> > problem. But I can't - the Fedora packages do not support
> > creating certs with short key lengths, for security reasons.
> > Therefore I cannot generate universally usable certs in my
> > environment.
> >
> > This is a call for help - is there anyone out there who is seeing
> > the same SSL test failures using the latest trunk? If so, can you
> > regenerate the test certificates on your system? There's a script
> > attached to the end of the README.txt file in
> > qpid-proton/tests/python/proton_tests/ssl_db - simply run that in
> > the ssl_db directory to regenerate the certs. Rerun the SSL tests
> > - they should pass. If they do, send me the diff and I'll check
> > it in.
> >
> > Alternatively, if anyone can figure out how to install weak
> > keysigning algorithms on a Fedora box - I'm all ears.
> >
> >
> > FYI: In order to support the larger key lengths, the following
> > policy files need to be installed:
> > http://www.oracle.com/technetwork/java/javase/downloads/jce-6-download-429243.html
> >
> >
> > ----- Forwarded Message -----
> >> From: "Apache Jenkins Server" <je...@builds.apache.org>
> >> To: notifications@qpid.apache.org
> >> Sent: Tuesday, March 19, 2013 9:49:01 PM
> >> Subject: Jenkins build is still unstable: Qpid-proton-j » tests
> >> #295
> >>
> >> See
> >> <https://builds.apache.org/job/Qpid-proton-j/org.apache.qpid$tests/changes>
> >>
> >>
> >
> > --
> > -K
>
--
-K
Re: Help needed [Fwd: Jenkins build is still unstable: Qpid-proton-j » tests #295]
Posted by Keith W <ke...@gmail.com>.
Resolved by rev. 1458901
On 20 March 2013 13:24, Ken Giusti <kg...@redhat.com> wrote:
>
> This failure is due to my updates to the SSL certificates and keys used by the SSL unit tests.
>
> Specifically:
>
> IllegalStateException: java.lang.IllegalStateException: Unable to read PEM object from file /home/jenkins/jenkins-slave/workspace/Qpid-proton-j/trunk/tests/target/classes/proton_tests/ssl_db/server-private-key.pem
> proton_tests.ssl.SslTest.test_client_server_authentication ..............Mar 20, 2013 1:48:59 AM org.apache.qpid.proton.engine.impl.ssl.SslEngineFacadeFactory readPemObject
> SEVERE: Unable to read PEM object. Perhaps you need the unlimited strength libraries in <java-home>/jre/lib/security/ ?
> org.bouncycastle.openssl.PEMException: problem parsing ENCRYPTED PRIVATE KEY: java.security.InvalidKeyException: Illegal key size
>
>
> I've hit this problem before, and have yet to be able to solve it (on my machine, at least).
>
> The problem is due to the export restrictions on encryption. I suspect the default java configuration for some machines - certainly OSX - does not allow for exportable key lengths. On such systems, the proton SSL test will fail as the environment cannot handle the key lengths used in the checked in certificates.
>
> So why not check in certificates with short keys? That'll fix the problem. But I can't - the Fedora packages do not support creating certs with short key lengths, for security reasons. Therefore I cannot generate universally usable certs in my environment.
>
> This is a call for help - is there anyone out there who is seeing the same SSL test failures using the latest trunk? If so, can you regenerate the test certificates on your system? There's a script attached to the end of the README.txt file in qpid-proton/tests/python/proton_tests/ssl_db - simply run that in the ssl_db directory to regenerate the certs. Rerun the SSL tests - they should pass. If they do, send me the diff and I'll check it in.
>
> Alternatively, if anyone can figure out how to install weak keysigning algorithms on a Fedora box - I'm all ears.
>
>
> FYI: In order to support the larger key lengths, the following policy files need to be installed:
> http://www.oracle.com/technetwork/java/javase/downloads/jce-6-download-429243.html
>
>
> ----- Forwarded Message -----
>> From: "Apache Jenkins Server" <je...@builds.apache.org>
>> To: notifications@qpid.apache.org
>> Sent: Tuesday, March 19, 2013 9:49:01 PM
>> Subject: Jenkins build is still unstable: Qpid-proton-j » tests #295
>>
>> See
>> <https://builds.apache.org/job/Qpid-proton-j/org.apache.qpid$tests/changes>
>>
>>
>
> --
> -K
Help needed [Fwd: Jenkins build is still unstable: Qpid-proton-j » tests #295]
Posted by Ken Giusti <kg...@redhat.com>.
This failure is due to my updates to the SSL certificates and keys used by the SSL unit tests.
Specifically:
IllegalStateException: java.lang.IllegalStateException: Unable to read PEM object from file /home/jenkins/jenkins-slave/workspace/Qpid-proton-j/trunk/tests/target/classes/proton_tests/ssl_db/server-private-key.pem
proton_tests.ssl.SslTest.test_client_server_authentication ..............Mar 20, 2013 1:48:59 AM org.apache.qpid.proton.engine.impl.ssl.SslEngineFacadeFactory readPemObject
SEVERE: Unable to read PEM object. Perhaps you need the unlimited strength libraries in <java-home>/jre/lib/security/ ?
org.bouncycastle.openssl.PEMException: problem parsing ENCRYPTED PRIVATE KEY: java.security.InvalidKeyException: Illegal key size
I've hit this problem before, and have yet to be able to solve it (on my machine, at least).
The problem is due to the export restrictions on encryption. I suspect the default java configuration for some machines - certainly OSX - does not allow for exportable key lengths. On such systems, the proton SSL test will fail as the environment cannot handle the key lengths used in the checked in certificates.
So why not check in certificates with short keys? That'll fix the problem. But I can't - the Fedora packages do not support creating certs with short key lengths, for security reasons. Therefore I cannot generate universally usable certs in my environment.
This is a call for help - is there anyone out there who is seeing the same SSL test failures using the latest trunk? If so, can you regenerate the test certificates on your system? There's a script attached to the end of the README.txt file in qpid-proton/tests/python/proton_tests/ssl_db - simply run that in the ssl_db directory to regenerate the certs. Rerun the SSL tests - they should pass. If they do, send me the diff and I'll check it in.
Alternatively, if anyone can figure out how to install weak keysigning algorithms on a Fedora box - I'm all ears.
FYI: In order to support the larger key lengths, the following policy files need to be installed:
http://www.oracle.com/technetwork/java/javase/downloads/jce-6-download-429243.html
----- Forwarded Message -----
> From: "Apache Jenkins Server" <je...@builds.apache.org>
> To: notifications@qpid.apache.org
> Sent: Tuesday, March 19, 2013 9:49:01 PM
> Subject: Jenkins build is still unstable: Qpid-proton-j » tests #295
>
> See
> <https://builds.apache.org/job/Qpid-proton-j/org.apache.qpid$tests/changes>
>
>
--
-K
Jenkins build is still unstable: Qpid-proton-j » tests #295
Posted by Apache Jenkins Server <je...@builds.apache.org>.
See <https://builds.apache.org/job/Qpid-proton-j/org.apache.qpid$tests/changes>
Jenkins build is still unstable: Qpid-proton-j » tests #294
Posted by Apache Jenkins Server <je...@builds.apache.org>.
See <https://builds.apache.org/job/Qpid-proton-j/org.apache.qpid$tests/changes>