HBASE-10132. sun.security.pkcs11.wrapper.PKCS11Exception: CKR_ARGUMENTS_BAD

This change adds a section to the troubleshooting portion of the online
manual addressing an issue with the default security provider of some JREs.


git-svn-id: https://svn.apache.org/repos/asf/hbase/trunk@1550244 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Andrew Kyle Purtell 2013-12-11 20:11:30 +00:00
parent c93a61d4d6
commit 4b63043643
1 changed files with 25 additions and 0 deletions

View File

@ -1154,4 +1154,29 @@ at org.apache.hadoop.hbase.HBaseTestingUtility.startMiniCluster
</para> </para>
</section> </section>
<section xml:id="trouble.crypto">
<title>Cryptographic Features</title>
<section xml:id="trouble.crypto.HBASE-10132">
<title>sun.security.pkcs11.wrapper.PKCS11Exception: CKR_ARGUMENTS_BAD</title>
<para>This problem manifests as exceptions ultimately caused by:</para>
<programlisting>
Caused by: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_ARGUMENTS_BAD
at sun.security.pkcs11.wrapper.PKCS11.C_DecryptUpdate(Native Method)
at sun.security.pkcs11.P11Cipher.implDoFinal(P11Cipher.java:795)
</programlisting>
<para>
This problem appears to affect some versions of OpenJDK 7 shipped by some Linux vendors. NSS is configured as the default provider. If the host has an x86_64 architecture, depending on if the vendor packages contain the defect, the NSS provider will not function correctly.
</para>
<para>
To work around this problem, find the JRE home directory and edit the file <filename>lib/security/java.security</filename>. Edit the file to comment out the line:
</para>
<programlisting>
security.provider.1=sun.security.pkcs11.SunPKCS11 ${java.home}/lib/security/nss.cfg
</programlisting>
<para>
Then renumber the remaining providers accordingly.
</para>
</section>
</section>
</chapter> </chapter>