[HDFS-11302] Improve Logging for SSLHostnameVerifier - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 2.9.0, 3.0.0-alpha4
Component/s: security
Labels:
None

Hadoop Flags:

Reviewed

Description

SSLHostnameVerifier interface/class was copied from other projects without any logging to help troubleshooting SSL certificate related issues. For a misconfigured SSL truststore, we may get some very confusing error message like

>hdfs dfs -cat swebhdfs://NNl/tmp/test1.txt
...
cause:java.io.IOException: DN2:50475: HTTPS hostname wrong:  should be <DN2>
cat: DN2:50475: HTTPS hostname wrong:  should be <DN2>

This ticket is opened to add tracing to give more useful context information around SSL certificate verification failures inside the following code.

AbstractVerifier#check(String[] host, X509Certificate cert)

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

HDFS-11302.001.patch
10/Jan/17 22:48
3 kB
Chen Liang

Activity

People

Assignee:: Chen Liang

Reporter:: Xiaoyu Yao

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 06/Jan/17 23:05

Updated:: 17/Apr/17 15:41

Resolved:: 06/Apr/17 00:29