Hello,
One of our MS SQL Server boxes has a cert using RSASSA-PSS as the signature algorithm. The version of Java included in the docker image we’re using (dremio-oss:3.1.6) is OpenJDK 1.80_181 which doesn’t appear to have compatibility for RSASSA-PSS certs. It looks like Java 11 has a fix, and there was discussion about backporting, but I don’t see that it ever happened.
Do the newer Docker images still use Java 8 and, if so, are there recommended existing methods for updating to a newer version or does the cert and its dependencies need to be rebuilt?
Thanks!
Gray
The Dremio logs at the failure
Caused by: java.security.cert.CertificateException: Certificates do not conform to algorithm constraints
at sun.security.ssl.AbstractTrustManagerWrapper.checkAlgorithmConstraints(SSLContextImpl.java:1127) ~[na:1.8.0_181]
at sun.security.ssl.AbstractTrustManagerWrapper.checkAdditionalTrust(SSLContextImpl.java:1051) ~[na:1.8.0_181]
at sun.security.ssl.AbstractTrustManagerWrapper.checkServerTrusted(SSLContextImpl.java:993) ~[na:1.8.0_181]
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1615) ~[na:1.8.0_181]
… 31 common frames omitted
Caused by: java.security.cert.CertPathValidatorException: Algorithm constraints check failed on signature algorithm: 1.2.840.113549.1.1.10
at sun.security.provider.certpath.AlgorithmChecker.check(AlgorithmChecker.java:278) ~[na:1.8.0_181]
at sun.security.ssl.AbstractTrustManagerWrapper.checkAlgorithmConstraints(SSLContextImpl.java:1123) ~[na:1.8.0_181]
… 34 common frames omitted
Current Build
3.1.6-201903070042400578-fdcd3a8
Edition
Community Edition