Spring Cloud Config Client Native test: FIPS enabled native-image: "only SunJSSE TrustManagers may be used" #23965
Labels
area/mandrel
area/securepipeline
issues related to ensure Quarkus can be used in a secure pipeline setups like FIPS or similar
area/spring
Issues relating to the Spring integration
kind/bug
Something isn't working
Describe the bug
Spring Cloud Config Client test works fine with FIPS aware HotSpot, but the test fails to start with FIPS aware native-image.
TODO: Check Wiremock in HotSpot vs Native and how it is used here.
Notes from Severin:
Only PKCS11 NSS certificates may be used in FIPS mode. See: https://access.redhat.com/documentation/en-us/openjdk/11/html-single/configuring_openjdk_11_on_rhel_with_fips/index#trust_anchor_certificates
HotSpot (FIPS enabled)
Native (FIPS disabled)
Native (FIPS enabled)
Expected behavior
Passes both for FIPS enabled HotSpot and FIPS enabled Native.
Actual behavior
FIPS enabled Native fails.
How to Reproduce?
On a FIPS enforcing system, using FIPS aware native-image:
Output of
uname -a
orver
Linux rhel9fips 5.14.0-63.el9.x86_64
Output of
java -version
Red Hat build of OpenJDK 64-Bit Server VM 18.9 (build 11.0.14.1+1-LTS, mixed mode)
GraalVM version (if different from Java)
No response
Quarkus version or git rev
95cc838
Build tool (ie. output of
mvnw --version
orgradlew --version
)No response
Additional information
No response
The text was updated successfully, but these errors were encountered: