首頁 探索 說明
註冊 登入
apache
/
zookeeper
镜像来自 https://gitee.com/apache/zookeeper.git
2
0
複刻 0
檔案 問題管理 0 Wiki
瀏覽代碼

ZOOKEEPER-3228: [TLS] Fix key usage extension in test certs

Key usage extension is wrong in test certs created by X509TestHelpers. This works with Java SSL stack because it allows sloppy certs, but breaks with Netty's OpenSSL stack. My Netty OpenSSL code is not ready for upstream yet, but fixing the test cert extensions is a prerequisite and can go in separately.

Author: Ilya Maykov <ilyam@fb.com>

Reviewers: fangmin@apache.org, andor@apache.org

Closes #743 from ivmaykov/ZOOKEEPER-3228
Ilya Maykov 6 年之前
父節點
4212a5a4db
當前提交
2a3800f00f
共有 1 個文件被更改,包括 1 次插入1 次删除
分割檢視 顯示文件統計
  1. 1 1
      zookeeper-server/src/test/java/org/apache/zookeeper/common/X509TestHelpers.java

+ 1 - 1
zookeeper-server/src/test/java/org/apache/zookeeper/common/X509TestHelpers.java
查看文件 

@@ -152,7 +152,7 @@ public class X509TestHelpers {
 
                 certPublicKey);
 
         builder.addExtension(Extension.basicConstraints, true, new BasicConstraints(false)); // not a CA
 
         builder.addExtension(
 
-                Extension.keyUsage, true, new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyAgreement));
 
+                Extension.keyUsage, true, new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyEncipherment));
 
         builder.addExtension(
 
                 Extension.extendedKeyUsage,
 
                 true,