Uploaded image for project: 'Apache Knox'
  1. Apache Knox
  2. KNOX-1922

Fix DNSName error in org.apache.knox.gateway.util.X509CertificateUtil

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Blocker
    • Resolution: Fixed
    • 1.3.0
    • 1.3.0
    • KnoxCLI, Server
    • None

    Description

      As part of KNOX-1912, there has been some modification that added DNSName values for localhost even if the hostname evaluated to 127.0.0.1. However, due to RFC-1034, this is not allowed. On the other hand, newer RFCs (e.g. RFC 2181, RFC 1123) are relaxing these restrictions. Oracle claimed they fixed it in JDK 8 u212 (https://bugs.java.com/bugdatabase/view_bug.do?bug_id=8213952) but it does not seem to be the case.
      As a result, neither the build finishes successfully nor the gateway starts as expected due to the same DNSName issue (IOException: DNSName components must begin with a letter).

      Recommended solution: only add the evaluated localhost address if it starts with a letter.

      Attachments

        Issue Links

          is caused by

          Improvement - An improvement or enhancement to an existing feature or task. KNOX-1912 X509CertificateUtil should set CN and SAN

          • Major - Major loss of function.
          • Closed
          links to

          Web Link GitHub Pull Request #115

          Activity

            People

              smolnar Sandor Molnar
              smolnar Sandor Molnar
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0h
                  0h
                  Logged:
                  Time Spent - 1h 10m
                  1h 10m