You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@kudu.apache.org by "ASF subversion and git services (Jira)" <ji...@apache.org> on 2020/04/06 22:55:00 UTC

[jira] [Commented] (KUDU-3106) getEndpointChannelBindings() isn't working as expected with BouncyCastle 1.65

    [ https://issues.apache.org/jira/browse/KUDU-3106?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17076729#comment-17076729 ] 

ASF subversion and git services commented on KUDU-3106:
-------------------------------------------------------

Commit 5bc210ba7d1243f31c2fa211faefad707f9d286d in kudu's branch refs/heads/master from Alexey Serbin
[ https://gitbox.apache.org/repos/asf?p=kudu.git;h=5bc210b ]

[security] KUDU-3106 update on getEndpointChannelBindings()

Fixed an issue with SecurityUtil::getEndpointChannelBindings() when Java
security provider converts the certificate signature algorithm's name
to the upper case.  At least, the upper-case conversion behavior was
observed when using BouncyCastle 1.65.

Change-Id: Ia788d6d72cfee7958e9db7293740aa22ede8fabd
Reviewed-on: http://gerrit.cloudera.org:8080/15664
Tested-by: Kudu Jenkins
Reviewed-by: Grant Henke <gr...@apache.org>


> getEndpointChannelBindings() isn't working as expected with BouncyCastle 1.65
> -----------------------------------------------------------------------------
>
>                 Key: KUDU-3106
>                 URL: https://issues.apache.org/jira/browse/KUDU-3106
>             Project: Kudu
>          Issue Type: Bug
>          Components: client, java, security
>    Affects Versions: 1.3.0, 1.3.1, 1.4.0, 1.5.0, 1.6.0, 1.7.0, 1.8.0, 1.7.1, 1.9.0, 1.10.0, 1.10.1, 1.11.0, 1.11.1
>            Reporter: Alexey Serbin
>            Assignee: Alexey Serbin
>            Priority: Major
>
> With [BouncyCastle|https://www.bouncycastle.org] 2.65 the code in https://github.com/apache/kudu/blob/25ae6c5108cc84289f69c467d862e298d3361ea8/java/kudu-client/src/main/java/org/apache/kudu/util/SecurityUtil.java#L136-L159 isn't working as expected throwing an exception:
> {noformat}
> java.lang.RuntimeException: cert uses unknown signature algorithm: SHA256WITHRSA
> {noformat}
> It seems BouncyCastle 1.65 converts the name of the certificate signature algorithm uppercase.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)