author | Bjørn Christian Seime <bjorn.christian@seime.no> | 2024-04-19 13:05:59 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2024-04-19 13:05:59 +0200 |
commit | 433cb01e19f6bb51d6a2d029482a6e16431cb055 (patch) | |
tree | d86f458e5358874475e743df8b206d9d0f6624fc /config-model/src/main/java/com/yahoo/vespa | |
parent | 06b7bccd5586ed353069593a71535e4c958bc63e (diff) | |
parent | 3bc4c498b479cbb919a3f6e6b6ded892d6d55bce (diff) |
Merge pull request #29575 from vespa-engine/renovate/bouncycastle.vespa.version
Update bouncycastle.vespa.version to v1.77
Diffstat (limited to 'config-model/src/main/java/com/yahoo/vespa')
-rw-r--r-- | config-model/src/main/java/com/yahoo/vespa/model/application/validation/CloudClientsValidator.java | 11 |
1 files changed, 4 insertions, 7 deletions
diff --git a/config-model/src/main/java/com/yahoo/vespa/model/application/validation/CloudClientsValidator.java b/config-model/src/main/java/com/yahoo/vespa/model/application/validation/CloudClientsValidator.java
index 9a8c8435790..5e6bd2a4b7f 100644
--- a/config-model/src/main/java/com/yahoo/vespa/model/application/validation/CloudClientsValidator.java
+++ b/config-model/src/main/java/com/yahoo/vespa/model/application/validation/CloudClientsValidator.java
@@ -31,20 +31,17 @@ public class CloudClientsValidator implements Validator {
 if (extensions == null) return; // Certificate without any extensions is okay
 if (extensions.getExtensionOIDs().length == 0) {
 /*
- BouncyCastle 1.77 no longer accepts certificates having an empty sequence of extensions.
+ BouncyCastle 1.77 and 1.78 did not accept certificates having an empty sequence of extensions.
 Earlier releases violated the ASN.1 specification as the specification forbids empty extension sequence.
 See https://github.com/bcgit/bc-java/issues/1479.
-
- Detect such certificates and issue a warning for now.
- Validation will be implicitly enforced once we upgrade BouncyCastle past 1.76.
+ The restriction was lifted on 1.78.1 although it's a reasonble to warn users still.
 */
 var message = "The certificate's ASN.1 structure contains an empty sequence of extensions, " +
 "which is a violation of the ASN.1 specification. " +
 "Please update the application package with a new certificate, " +
- "e.g by generating a new one using the Vespa CLI `$ vespa auth cert`. " +
- "Such certificate will no longer be accepted in near future.";
+ "e.g by generating a new one using the Vespa CLI `$ vespa auth cert`. ";
 state.getDeployLogger()
- .logApplicationPackage(Level.WARNING, errorMessage(clusterName, clientId, message));
+ .log(Level.INFO, errorMessage(clusterName, clientId, message));
 }
 } catch (CertificateEncodingException e) {
 reporter.accept(errorMessage(clusterName, clientId, e.getMessage()), e); |
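Review bot: The log call at the end of the hunk drops from `.logApplicationPackage(Level.WARNING, …)` to `.log(Level.INFO, …)`, which contradicts the updated comment's stated intent to still warn users about a client certificate whose extensions sequence is empty. If a plain `log` at INFO is not surfaced to the person deploying (the DeployLogger behaviour is not visible here), a spec-violating certificate passes validation with no visible signal; consider keeping `.logApplicationPackage(Level.WARNING, errorMessage(clusterName, clientId, message));` or stating in the comment that the notice is deliberately informational only. The comment also says BouncyCastle 1.77 and 1.78 rejected such certificates, so it should say what happens to them on the version actually in use, since the user-facing message no longer mentions any consequence. Minor: the message literal now ends with a dangling space after the `vespa auth cert` sentence, and the comment's "it's a reasonble to warn" should read "it is reasonable to warn". The enclosing method begins and ends outside the hunk.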