Uploaded image for project: 'Hadoop Common'
  1. Hadoop Common
  2. HADOOP-12886

Exclude weak ciphers in SSLFactory through ssl-server.xml

    Details

    • Target Version/s:
    • Hadoop Flags:
      Reviewed

      Description

      HADOOP-12668 added support to exclude weak ciphers in HttpServer2, which is good for name nodes. But data node web UI is based on Netty, which uses SSLFactory and does not read ssl-server.xml to exclude the ciphers.

      We should also add the same support for Netty for consistency.

      I will attach a full patch later.

      1. HADOOP-12886.001.patch
        4 kB
        Wei-Chiu Chuang
      2. HADOOP-12886.002.patch
        11 kB
        Wei-Chiu Chuang
      3. HADOOP-12886.003.patch
        11 kB
        Wei-Chiu Chuang
      4. HADOOP-12886.004.patch
        11 kB
        Wei-Chiu Chuang

        Issue Links

          Activity

          Hide
          jojochuang Wei-Chiu Chuang added a comment -

          Thanks Zhe Zhang for multiple rounds of reviewing and committing the patch!

          Show
          jojochuang Wei-Chiu Chuang added a comment - Thanks Zhe Zhang for multiple rounds of reviewing and committing the patch!
          Hide
          hudson Hudson added a comment -

          FAILURE: Integrated in Hadoop-trunk-Commit #9529 (See https://builds.apache.org/job/Hadoop-trunk-Commit/9529/)
          HADOOP-12886. Exclude weak ciphers in SSLFactory through ssl-server.xml. (zezhang: rev e4fc609d5d3739b7809057954c5233cfd1d1117b)

          • hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/ssl/TestSSLFactory.java
          • hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/ssl/SSLFactory.java
          Show
          hudson Hudson added a comment - FAILURE: Integrated in Hadoop-trunk-Commit #9529 (See https://builds.apache.org/job/Hadoop-trunk-Commit/9529/ ) HADOOP-12886 . Exclude weak ciphers in SSLFactory through ssl-server.xml. (zezhang: rev e4fc609d5d3739b7809057954c5233cfd1d1117b) hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/ssl/TestSSLFactory.java hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/ssl/SSLFactory.java
          Hide
          zhz Zhe Zhang added a comment -

          Thanks Wei-Chiu. +1 on the v4 patch. I just committed the change to trunk, branch-2, and branch-2.8.

          Show
          zhz Zhe Zhang added a comment - Thanks Wei-Chiu. +1 on the v4 patch. I just committed the change to trunk, branch-2, and branch-2.8.
          Hide
          hadoopqa Hadoop QA added a comment -
          -1 overall



          Vote Subsystem Runtime Comment
          0 reexec 0m 18s Docker mode activated.
          +1 @author 0m 0s The patch does not contain any @author tags.
          +1 test4tests 0m 0s The patch appears to include 1 new or modified test files.
          +1 mvninstall 9m 15s trunk passed
          +1 compile 11m 25s trunk passed with JDK v1.8.0_74
          +1 compile 9m 45s trunk passed with JDK v1.7.0_95
          +1 checkstyle 0m 26s trunk passed
          +1 mvnsite 1m 11s trunk passed
          +1 mvneclipse 0m 18s trunk passed
          +1 findbugs 2m 3s trunk passed
          +1 javadoc 1m 18s trunk passed with JDK v1.8.0_74
          +1 javadoc 1m 25s trunk passed with JDK v1.7.0_95
          +1 mvninstall 0m 55s the patch passed
          +1 compile 11m 19s the patch passed with JDK v1.8.0_74
          +1 javac 11m 19s the patch passed
          +1 compile 9m 50s the patch passed with JDK v1.7.0_95
          +1 javac 9m 50s the patch passed
          +1 checkstyle 0m 26s the patch passed
          +1 mvnsite 1m 15s the patch passed
          +1 mvneclipse 0m 17s the patch passed
          +1 whitespace 0m 0s Patch has no whitespace issues.
          +1 findbugs 2m 20s the patch passed
          +1 javadoc 1m 15s the patch passed with JDK v1.8.0_74
          +1 javadoc 1m 28s the patch passed with JDK v1.7.0_95
          -1 unit 11m 21s hadoop-common in the patch failed with JDK v1.8.0_74.
          -1 unit 10m 31s hadoop-common in the patch failed with JDK v1.7.0_95.
          -1 asflicense 0m 32s Patch generated 3 ASF License warnings.
          90m 29s



          Reason Tests
          JDK v1.8.0_74 Timed out junit tests org.apache.hadoop.util.TestNativeLibraryChecker
          JDK v1.7.0_95 Timed out junit tests org.apache.hadoop.util.TestNativeLibraryChecker



          Subsystem Report/Notes
          Docker Image:yetus/hadoop:fbe3e86
          JIRA Patch URL https://issues.apache.org/jira/secure/attachment/12795950/HADOOP-12886.004.patch
          JIRA Issue HADOOP-12886
          Optional Tests asflicense compile javac javadoc mvninstall mvnsite unit findbugs checkstyle
          uname Linux ede2c6f5e21c 3.13.0-36-lowlatency #63-Ubuntu SMP PREEMPT Wed Sep 3 21:56:12 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
          Build tool maven
          Personality /testptch/hadoop/patchprocess/precommit/personality/provided.sh
          git revision trunk / ddfe677
          Default Java 1.7.0_95
          Multi-JDK versions /usr/lib/jvm/java-8-oracle:1.8.0_74 /usr/lib/jvm/java-7-openjdk-amd64:1.7.0_95
          findbugs v3.0.0
          unit https://builds.apache.org/job/PreCommit-HADOOP-Build/8961/artifact/patchprocess/patch-unit-hadoop-common-project_hadoop-common-jdk1.8.0_74.txt
          unit https://builds.apache.org/job/PreCommit-HADOOP-Build/8961/artifact/patchprocess/patch-unit-hadoop-common-project_hadoop-common-jdk1.7.0_95.txt
          unit test logs https://builds.apache.org/job/PreCommit-HADOOP-Build/8961/artifact/patchprocess/patch-unit-hadoop-common-project_hadoop-common-jdk1.8.0_74.txt https://builds.apache.org/job/PreCommit-HADOOP-Build/8961/artifact/patchprocess/patch-unit-hadoop-common-project_hadoop-common-jdk1.7.0_95.txt
          JDK v1.7.0_95 Test Results https://builds.apache.org/job/PreCommit-HADOOP-Build/8961/testReport/
          asflicense https://builds.apache.org/job/PreCommit-HADOOP-Build/8961/artifact/patchprocess/patch-asflicense-problems.txt
          modules C: hadoop-common-project/hadoop-common U: hadoop-common-project/hadoop-common
          Console output https://builds.apache.org/job/PreCommit-HADOOP-Build/8961/console
          Powered by Apache Yetus 0.2.0 http://yetus.apache.org

          This message was automatically generated.

          Show
          hadoopqa Hadoop QA added a comment - -1 overall Vote Subsystem Runtime Comment 0 reexec 0m 18s Docker mode activated. +1 @author 0m 0s The patch does not contain any @author tags. +1 test4tests 0m 0s The patch appears to include 1 new or modified test files. +1 mvninstall 9m 15s trunk passed +1 compile 11m 25s trunk passed with JDK v1.8.0_74 +1 compile 9m 45s trunk passed with JDK v1.7.0_95 +1 checkstyle 0m 26s trunk passed +1 mvnsite 1m 11s trunk passed +1 mvneclipse 0m 18s trunk passed +1 findbugs 2m 3s trunk passed +1 javadoc 1m 18s trunk passed with JDK v1.8.0_74 +1 javadoc 1m 25s trunk passed with JDK v1.7.0_95 +1 mvninstall 0m 55s the patch passed +1 compile 11m 19s the patch passed with JDK v1.8.0_74 +1 javac 11m 19s the patch passed +1 compile 9m 50s the patch passed with JDK v1.7.0_95 +1 javac 9m 50s the patch passed +1 checkstyle 0m 26s the patch passed +1 mvnsite 1m 15s the patch passed +1 mvneclipse 0m 17s the patch passed +1 whitespace 0m 0s Patch has no whitespace issues. +1 findbugs 2m 20s the patch passed +1 javadoc 1m 15s the patch passed with JDK v1.8.0_74 +1 javadoc 1m 28s the patch passed with JDK v1.7.0_95 -1 unit 11m 21s hadoop-common in the patch failed with JDK v1.8.0_74. -1 unit 10m 31s hadoop-common in the patch failed with JDK v1.7.0_95. -1 asflicense 0m 32s Patch generated 3 ASF License warnings. 90m 29s Reason Tests JDK v1.8.0_74 Timed out junit tests org.apache.hadoop.util.TestNativeLibraryChecker JDK v1.7.0_95 Timed out junit tests org.apache.hadoop.util.TestNativeLibraryChecker Subsystem Report/Notes Docker Image:yetus/hadoop:fbe3e86 JIRA Patch URL https://issues.apache.org/jira/secure/attachment/12795950/HADOOP-12886.004.patch JIRA Issue HADOOP-12886 Optional Tests asflicense compile javac javadoc mvninstall mvnsite unit findbugs checkstyle uname Linux ede2c6f5e21c 3.13.0-36-lowlatency #63-Ubuntu SMP PREEMPT Wed Sep 3 21:56:12 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux Build tool maven Personality /testptch/hadoop/patchprocess/precommit/personality/provided.sh git revision trunk / ddfe677 Default Java 1.7.0_95 Multi-JDK versions /usr/lib/jvm/java-8-oracle:1.8.0_74 /usr/lib/jvm/java-7-openjdk-amd64:1.7.0_95 findbugs v3.0.0 unit https://builds.apache.org/job/PreCommit-HADOOP-Build/8961/artifact/patchprocess/patch-unit-hadoop-common-project_hadoop-common-jdk1.8.0_74.txt unit https://builds.apache.org/job/PreCommit-HADOOP-Build/8961/artifact/patchprocess/patch-unit-hadoop-common-project_hadoop-common-jdk1.7.0_95.txt unit test logs https://builds.apache.org/job/PreCommit-HADOOP-Build/8961/artifact/patchprocess/patch-unit-hadoop-common-project_hadoop-common-jdk1.8.0_74.txt https://builds.apache.org/job/PreCommit-HADOOP-Build/8961/artifact/patchprocess/patch-unit-hadoop-common-project_hadoop-common-jdk1.7.0_95.txt JDK v1.7.0_95 Test Results https://builds.apache.org/job/PreCommit-HADOOP-Build/8961/testReport/ asflicense https://builds.apache.org/job/PreCommit-HADOOP-Build/8961/artifact/patchprocess/patch-asflicense-problems.txt modules C: hadoop-common-project/hadoop-common U: hadoop-common-project/hadoop-common Console output https://builds.apache.org/job/PreCommit-HADOOP-Build/8961/console Powered by Apache Yetus 0.2.0 http://yetus.apache.org This message was automatically generated.
          Hide
          jojochuang Wei-Chiu Chuang added a comment -

          Thanks again Zhe Zhang for reviewing it.
          In addition to addressing your comments, I added additional code to deal with the corner case where the exclude list string is empty, and that it should initializes an empty list, instead of initializing a one element list. This actually doesn't change anything though.

          Show
          jojochuang Wei-Chiu Chuang added a comment - Thanks again Zhe Zhang for reviewing it. In addition to addressing your comments, I added additional code to deal with the corner case where the exclude list string is empty, and that it should initializes an empty list, instead of initializing a one element list. This actually doesn't change anything though.
          Hide
          zhz Zhe Zhang added a comment -

          Thanks Wei-Chiu for adding the test. +1 on the v3 patch pending 2 nits:

          1. Can we avoid wildcard import in the test class?
          2. Below type casting is unnecessary:
            cipherSuites = (String[])(defaultEnabledCipherSuites.toArray(
                    new String[defaultEnabledCipherSuites.size()]));
            
          Show
          zhz Zhe Zhang added a comment - Thanks Wei-Chiu for adding the test. +1 on the v3 patch pending 2 nits: Can we avoid wildcard import in the test class? Below type casting is unnecessary: cipherSuites = ( String [])(defaultEnabledCipherSuites.toArray( new String [defaultEnabledCipherSuites.size()]));
          Hide
          jojochuang Wei-Chiu Chuang added a comment -

          Unit test failures are unrelated, and asf licensing warning is unrelated too.

          Show
          jojochuang Wei-Chiu Chuang added a comment - Unit test failures are unrelated, and asf licensing warning is unrelated too.
          Hide
          hadoopqa Hadoop QA added a comment -
          -1 overall



          Vote Subsystem Runtime Comment
          0 reexec 0m 12s Docker mode activated.
          +1 @author 0m 0s The patch does not contain any @author tags.
          +1 test4tests 0m 0s The patch appears to include 1 new or modified test files.
          +1 mvninstall 7m 2s trunk passed
          +1 compile 6m 17s trunk passed with JDK v1.8.0_74
          +1 compile 7m 15s trunk passed with JDK v1.7.0_95
          +1 checkstyle 0m 21s trunk passed
          +1 mvnsite 0m 57s trunk passed
          +1 mvneclipse 0m 13s trunk passed
          +1 findbugs 1m 33s trunk passed
          +1 javadoc 0m 53s trunk passed with JDK v1.8.0_74
          +1 javadoc 1m 5s trunk passed with JDK v1.7.0_95
          +1 mvninstall 0m 40s the patch passed
          +1 compile 6m 13s the patch passed with JDK v1.8.0_74
          +1 javac 6m 13s the patch passed
          +1 compile 7m 14s the patch passed with JDK v1.7.0_95
          +1 javac 7m 14s the patch passed
          +1 checkstyle 0m 21s the patch passed
          +1 mvnsite 0m 57s the patch passed
          +1 mvneclipse 0m 12s the patch passed
          +1 whitespace 0m 0s Patch has no whitespace issues.
          +1 findbugs 1m 53s the patch passed
          +1 javadoc 0m 55s the patch passed with JDK v1.8.0_74
          +1 javadoc 1m 3s the patch passed with JDK v1.7.0_95
          -1 unit 6m 51s hadoop-common in the patch failed with JDK v1.8.0_74.
          -1 unit 7m 0s hadoop-common in the patch failed with JDK v1.7.0_95.
          -1 asflicense 0m 21s Patch generated 2 ASF License warnings.
          60m 36s



          Reason Tests
          JDK v1.8.0_74 Failed junit tests hadoop.net.TestDNS
          JDK v1.8.0_74 Timed out junit tests org.apache.hadoop.util.TestNativeLibraryChecker
          JDK v1.7.0_95 Failed junit tests hadoop.net.TestDNS
            hadoop.net.TestClusterTopology
          JDK v1.7.0_95 Timed out junit tests org.apache.hadoop.util.TestNativeLibraryChecker



          Subsystem Report/Notes
          Docker Image:yetus/hadoop:fbe3e86
          JIRA Patch URL https://issues.apache.org/jira/secure/attachment/12794793/HADOOP-12886.003.patch
          JIRA Issue HADOOP-12886
          Optional Tests asflicense compile javac javadoc mvninstall mvnsite unit findbugs checkstyle
          uname Linux d722c9d5b32a 3.13.0-36-lowlatency #63-Ubuntu SMP PREEMPT Wed Sep 3 21:56:12 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
          Build tool maven
          Personality /testptch/hadoop/patchprocess/precommit/personality/provided.sh
          git revision trunk / e7ed05e
          Default Java 1.7.0_95
          Multi-JDK versions /usr/lib/jvm/java-8-oracle:1.8.0_74 /usr/lib/jvm/java-7-openjdk-amd64:1.7.0_95
          findbugs v3.0.0
          unit https://builds.apache.org/job/PreCommit-HADOOP-Build/8894/artifact/patchprocess/patch-unit-hadoop-common-project_hadoop-common-jdk1.8.0_74.txt
          unit https://builds.apache.org/job/PreCommit-HADOOP-Build/8894/artifact/patchprocess/patch-unit-hadoop-common-project_hadoop-common-jdk1.7.0_95.txt
          unit test logs https://builds.apache.org/job/PreCommit-HADOOP-Build/8894/artifact/patchprocess/patch-unit-hadoop-common-project_hadoop-common-jdk1.8.0_74.txt https://builds.apache.org/job/PreCommit-HADOOP-Build/8894/artifact/patchprocess/patch-unit-hadoop-common-project_hadoop-common-jdk1.7.0_95.txt
          JDK v1.7.0_95 Test Results https://builds.apache.org/job/PreCommit-HADOOP-Build/8894/testReport/
          asflicense https://builds.apache.org/job/PreCommit-HADOOP-Build/8894/artifact/patchprocess/patch-asflicense-problems.txt
          modules C: hadoop-common-project/hadoop-common U: hadoop-common-project/hadoop-common
          Console output https://builds.apache.org/job/PreCommit-HADOOP-Build/8894/console
          Powered by Apache Yetus 0.2.0 http://yetus.apache.org

          This message was automatically generated.

          Show
          hadoopqa Hadoop QA added a comment - -1 overall Vote Subsystem Runtime Comment 0 reexec 0m 12s Docker mode activated. +1 @author 0m 0s The patch does not contain any @author tags. +1 test4tests 0m 0s The patch appears to include 1 new or modified test files. +1 mvninstall 7m 2s trunk passed +1 compile 6m 17s trunk passed with JDK v1.8.0_74 +1 compile 7m 15s trunk passed with JDK v1.7.0_95 +1 checkstyle 0m 21s trunk passed +1 mvnsite 0m 57s trunk passed +1 mvneclipse 0m 13s trunk passed +1 findbugs 1m 33s trunk passed +1 javadoc 0m 53s trunk passed with JDK v1.8.0_74 +1 javadoc 1m 5s trunk passed with JDK v1.7.0_95 +1 mvninstall 0m 40s the patch passed +1 compile 6m 13s the patch passed with JDK v1.8.0_74 +1 javac 6m 13s the patch passed +1 compile 7m 14s the patch passed with JDK v1.7.0_95 +1 javac 7m 14s the patch passed +1 checkstyle 0m 21s the patch passed +1 mvnsite 0m 57s the patch passed +1 mvneclipse 0m 12s the patch passed +1 whitespace 0m 0s Patch has no whitespace issues. +1 findbugs 1m 53s the patch passed +1 javadoc 0m 55s the patch passed with JDK v1.8.0_74 +1 javadoc 1m 3s the patch passed with JDK v1.7.0_95 -1 unit 6m 51s hadoop-common in the patch failed with JDK v1.8.0_74. -1 unit 7m 0s hadoop-common in the patch failed with JDK v1.7.0_95. -1 asflicense 0m 21s Patch generated 2 ASF License warnings. 60m 36s Reason Tests JDK v1.8.0_74 Failed junit tests hadoop.net.TestDNS JDK v1.8.0_74 Timed out junit tests org.apache.hadoop.util.TestNativeLibraryChecker JDK v1.7.0_95 Failed junit tests hadoop.net.TestDNS   hadoop.net.TestClusterTopology JDK v1.7.0_95 Timed out junit tests org.apache.hadoop.util.TestNativeLibraryChecker Subsystem Report/Notes Docker Image:yetus/hadoop:fbe3e86 JIRA Patch URL https://issues.apache.org/jira/secure/attachment/12794793/HADOOP-12886.003.patch JIRA Issue HADOOP-12886 Optional Tests asflicense compile javac javadoc mvninstall mvnsite unit findbugs checkstyle uname Linux d722c9d5b32a 3.13.0-36-lowlatency #63-Ubuntu SMP PREEMPT Wed Sep 3 21:56:12 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux Build tool maven Personality /testptch/hadoop/patchprocess/precommit/personality/provided.sh git revision trunk / e7ed05e Default Java 1.7.0_95 Multi-JDK versions /usr/lib/jvm/java-8-oracle:1.8.0_74 /usr/lib/jvm/java-7-openjdk-amd64:1.7.0_95 findbugs v3.0.0 unit https://builds.apache.org/job/PreCommit-HADOOP-Build/8894/artifact/patchprocess/patch-unit-hadoop-common-project_hadoop-common-jdk1.8.0_74.txt unit https://builds.apache.org/job/PreCommit-HADOOP-Build/8894/artifact/patchprocess/patch-unit-hadoop-common-project_hadoop-common-jdk1.7.0_95.txt unit test logs https://builds.apache.org/job/PreCommit-HADOOP-Build/8894/artifact/patchprocess/patch-unit-hadoop-common-project_hadoop-common-jdk1.8.0_74.txt https://builds.apache.org/job/PreCommit-HADOOP-Build/8894/artifact/patchprocess/patch-unit-hadoop-common-project_hadoop-common-jdk1.7.0_95.txt JDK v1.7.0_95 Test Results https://builds.apache.org/job/PreCommit-HADOOP-Build/8894/testReport/ asflicense https://builds.apache.org/job/PreCommit-HADOOP-Build/8894/artifact/patchprocess/patch-asflicense-problems.txt modules C: hadoop-common-project/hadoop-common U: hadoop-common-project/hadoop-common Console output https://builds.apache.org/job/PreCommit-HADOOP-Build/8894/console Powered by Apache Yetus 0.2.0 http://yetus.apache.org This message was automatically generated.
          Hide
          jojochuang Wei-Chiu Chuang added a comment -

          Rev03: fixed the checkstyle warning.

          Show
          jojochuang Wei-Chiu Chuang added a comment - Rev03: fixed the checkstyle warning.
          Hide
          hadoopqa Hadoop QA added a comment -
          +1 overall



          Vote Subsystem Runtime Comment
          0 reexec 0m 17s Docker mode activated.
          +1 @author 0m 0s The patch does not contain any @author tags.
          +1 test4tests 0m 1s The patch appears to include 1 new or modified test files.
          +1 mvninstall 6m 50s trunk passed
          +1 compile 6m 0s trunk passed with JDK v1.8.0_74
          +1 compile 7m 1s trunk passed with JDK v1.7.0_95
          +1 checkstyle 0m 22s trunk passed
          +1 mvnsite 0m 59s trunk passed
          +1 mvneclipse 0m 15s trunk passed
          +1 findbugs 1m 37s trunk passed
          +1 javadoc 0m 52s trunk passed with JDK v1.8.0_74
          +1 javadoc 1m 6s trunk passed with JDK v1.7.0_95
          +1 mvninstall 0m 42s the patch passed
          +1 compile 6m 3s the patch passed with JDK v1.8.0_74
          -1 javac 10m 33s root-jdk1.8.0_74 with JDK v1.8.0_74 generated 1 new + 737 unchanged - 1 fixed = 738 total (was 738)
          +1 javac 6m 3s the patch passed
          +1 compile 6m 57s the patch passed with JDK v1.7.0_95
          +1 javac 6m 57s the patch passed
          +1 checkstyle 0m 22s the patch passed
          +1 mvnsite 0m 59s the patch passed
          +1 mvneclipse 0m 14s the patch passed
          +1 whitespace 0m 0s Patch has no whitespace issues.
          +1 findbugs 1m 51s the patch passed
          +1 javadoc 0m 54s the patch passed with JDK v1.8.0_74
          +1 javadoc 1m 4s the patch passed with JDK v1.7.0_95
          +1 unit 7m 9s hadoop-common in the patch passed with JDK v1.8.0_74.
          +1 unit 7m 33s hadoop-common in the patch passed with JDK v1.7.0_95.
          +1 asflicense 0m 24s Patch does not generate ASF License warnings.
          60m 42s



          Subsystem Report/Notes
          Docker Image:yetus/hadoop:0ca8df7
          JIRA Patch URL https://issues.apache.org/jira/secure/attachment/12793772/HADOOP-12886.002.patch
          JIRA Issue HADOOP-12886
          Optional Tests asflicense compile javac javadoc mvninstall mvnsite unit findbugs checkstyle
          uname Linux 6b34692ff690 3.13.0-36-lowlatency #63-Ubuntu SMP PREEMPT Wed Sep 3 21:56:12 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
          Build tool maven
          Personality /testptch/hadoop/patchprocess/precommit/personality/provided.sh
          git revision trunk / 605fdcb
          Default Java 1.7.0_95
          Multi-JDK versions /usr/lib/jvm/java-8-oracle:1.8.0_74 /usr/lib/jvm/java-7-openjdk-amd64:1.7.0_95
          findbugs v3.0.0
          javac root-jdk1.8.0_74: https://builds.apache.org/job/PreCommit-HADOOP-Build/8862/artifact/patchprocess/diff-compile-javac-root-jdk1.8.0_74.txt
          JDK v1.7.0_95 Test Results https://builds.apache.org/job/PreCommit-HADOOP-Build/8862/testReport/
          modules C: hadoop-common-project/hadoop-common U: hadoop-common-project/hadoop-common
          Console output https://builds.apache.org/job/PreCommit-HADOOP-Build/8862/console
          Powered by Apache Yetus 0.2.0 http://yetus.apache.org

          This message was automatically generated.

          Show
          hadoopqa Hadoop QA added a comment - +1 overall Vote Subsystem Runtime Comment 0 reexec 0m 17s Docker mode activated. +1 @author 0m 0s The patch does not contain any @author tags. +1 test4tests 0m 1s The patch appears to include 1 new or modified test files. +1 mvninstall 6m 50s trunk passed +1 compile 6m 0s trunk passed with JDK v1.8.0_74 +1 compile 7m 1s trunk passed with JDK v1.7.0_95 +1 checkstyle 0m 22s trunk passed +1 mvnsite 0m 59s trunk passed +1 mvneclipse 0m 15s trunk passed +1 findbugs 1m 37s trunk passed +1 javadoc 0m 52s trunk passed with JDK v1.8.0_74 +1 javadoc 1m 6s trunk passed with JDK v1.7.0_95 +1 mvninstall 0m 42s the patch passed +1 compile 6m 3s the patch passed with JDK v1.8.0_74 -1 javac 10m 33s root-jdk1.8.0_74 with JDK v1.8.0_74 generated 1 new + 737 unchanged - 1 fixed = 738 total (was 738) +1 javac 6m 3s the patch passed +1 compile 6m 57s the patch passed with JDK v1.7.0_95 +1 javac 6m 57s the patch passed +1 checkstyle 0m 22s the patch passed +1 mvnsite 0m 59s the patch passed +1 mvneclipse 0m 14s the patch passed +1 whitespace 0m 0s Patch has no whitespace issues. +1 findbugs 1m 51s the patch passed +1 javadoc 0m 54s the patch passed with JDK v1.8.0_74 +1 javadoc 1m 4s the patch passed with JDK v1.7.0_95 +1 unit 7m 9s hadoop-common in the patch passed with JDK v1.8.0_74. +1 unit 7m 33s hadoop-common in the patch passed with JDK v1.7.0_95. +1 asflicense 0m 24s Patch does not generate ASF License warnings. 60m 42s Subsystem Report/Notes Docker Image:yetus/hadoop:0ca8df7 JIRA Patch URL https://issues.apache.org/jira/secure/attachment/12793772/HADOOP-12886.002.patch JIRA Issue HADOOP-12886 Optional Tests asflicense compile javac javadoc mvninstall mvnsite unit findbugs checkstyle uname Linux 6b34692ff690 3.13.0-36-lowlatency #63-Ubuntu SMP PREEMPT Wed Sep 3 21:56:12 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux Build tool maven Personality /testptch/hadoop/patchprocess/precommit/personality/provided.sh git revision trunk / 605fdcb Default Java 1.7.0_95 Multi-JDK versions /usr/lib/jvm/java-8-oracle:1.8.0_74 /usr/lib/jvm/java-7-openjdk-amd64:1.7.0_95 findbugs v3.0.0 javac root-jdk1.8.0_74: https://builds.apache.org/job/PreCommit-HADOOP-Build/8862/artifact/patchprocess/diff-compile-javac-root-jdk1.8.0_74.txt JDK v1.7.0_95 Test Results https://builds.apache.org/job/PreCommit-HADOOP-Build/8862/testReport/ modules C: hadoop-common-project/hadoop-common U: hadoop-common-project/hadoop-common Console output https://builds.apache.org/job/PreCommit-HADOOP-Build/8862/console Powered by Apache Yetus 0.2.0 http://yetus.apache.org This message was automatically generated.
          Hide
          jojochuang Wei-Chiu Chuang added a comment -

          Thanks Zhe Zhang for the initial review.
          I posted a new patch with a new test case. This test case uses SSLFactory.createSSLEngine to create client and server SSLEngine. The server excludes some weak cipher suites whereas the client only accepts them.

          The test code is relatively long, but it's actually a lightweight test that exchanges messages between client and server SSLEngine using ByteBuffer, rather than network socket, or even launching netty for testing, which are much more heavyweight. It is adapted from Oracle's example https://docs.oracle.com/javase/8/docs/technotes/guides/security/jsse/samples/sslengine/SSLEngineSimpleDemo.java and https://docs.oracle.com/javase/8/docs/technotes/guides/security/jsse/JSSERefGuide.html.

          Show
          jojochuang Wei-Chiu Chuang added a comment - Thanks Zhe Zhang for the initial review. I posted a new patch with a new test case. This test case uses SSLFactory.createSSLEngine to create client and server SSLEngine. The server excludes some weak cipher suites whereas the client only accepts them. The test code is relatively long, but it's actually a lightweight test that exchanges messages between client and server SSLEngine using ByteBuffer, rather than network socket, or even launching netty for testing, which are much more heavyweight. It is adapted from Oracle's example https://docs.oracle.com/javase/8/docs/technotes/guides/security/jsse/samples/sslengine/SSLEngineSimpleDemo.java and https://docs.oracle.com/javase/8/docs/technotes/guides/security/jsse/JSSERefGuide.html .
          Hide
          hadoopqa Hadoop QA added a comment -
          -1 overall



          Vote Subsystem Runtime Comment
          0 reexec 0m 10s Docker mode activated.
          +1 @author 0m 0s The patch does not contain any @author tags.
          -1 test4tests 0m 0s The patch doesn't appear to include any new or modified tests. Please justify why no new tests are needed for this patch. Also please list what manual steps were performed to verify this patch.
          +1 mvninstall 6m 56s trunk passed
          +1 compile 7m 31s trunk passed with JDK v1.8.0_74
          +1 compile 7m 1s trunk passed with JDK v1.7.0_95
          +1 checkstyle 0m 21s trunk passed
          +1 mvnsite 1m 0s trunk passed
          +1 mvneclipse 0m 13s trunk passed
          +1 findbugs 1m 37s trunk passed
          +1 javadoc 1m 3s trunk passed with JDK v1.8.0_74
          +1 javadoc 1m 6s trunk passed with JDK v1.7.0_95
          +1 mvninstall 0m 42s the patch passed
          +1 compile 7m 22s the patch passed with JDK v1.8.0_74
          -1 javac 12m 1s root-jdk1.8.0_74 with JDK v1.8.0_74 generated 1 new + 737 unchanged - 1 fixed = 738 total (was 738)
          +1 javac 7m 22s the patch passed
          +1 compile 7m 2s the patch passed with JDK v1.7.0_95
          +1 javac 7m 2s the patch passed
          -1 checkstyle 0m 20s hadoop-common-project/hadoop-common: patch generated 1 new + 9 unchanged - 0 fixed = 10 total (was 9)
          +1 mvnsite 0m 56s the patch passed
          +1 mvneclipse 0m 12s the patch passed
          +1 whitespace 0m 0s Patch has no whitespace issues.
          +1 findbugs 1m 50s the patch passed
          +1 javadoc 1m 2s the patch passed with JDK v1.8.0_74
          +1 javadoc 1m 4s the patch passed with JDK v1.7.0_95
          +1 unit 8m 18s hadoop-common in the patch passed with JDK v1.8.0_74.
          -1 unit 8m 1s hadoop-common in the patch failed with JDK v1.7.0_95.
          +1 asflicense 0m 21s Patch does not generate ASF License warnings.
          65m 14s



          Reason Tests
          JDK v1.7.0_95 Failed junit tests hadoop.net.TestClusterTopology



          Subsystem Report/Notes
          Docker Image:yetus/hadoop:0ca8df7
          JIRA Patch URL https://issues.apache.org/jira/secure/attachment/12791384/HADOOP-12886.001.patch
          JIRA Issue HADOOP-12886
          Optional Tests asflicense compile javac javadoc mvninstall mvnsite unit findbugs checkstyle
          uname Linux 09e45edacf92 3.13.0-36-lowlatency #63-Ubuntu SMP PREEMPT Wed Sep 3 21:56:12 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
          Build tool maven
          Personality /testptch/hadoop/patchprocess/precommit/personality/provided.sh
          git revision trunk / 391da36
          Default Java 1.7.0_95
          Multi-JDK versions /usr/lib/jvm/java-8-oracle:1.8.0_74 /usr/lib/jvm/java-7-openjdk-amd64:1.7.0_95
          findbugs v3.0.0
          javac root-jdk1.8.0_74: https://builds.apache.org/job/PreCommit-HADOOP-Build/8812/artifact/patchprocess/diff-compile-javac-root-jdk1.8.0_74.txt
          checkstyle https://builds.apache.org/job/PreCommit-HADOOP-Build/8812/artifact/patchprocess/diff-checkstyle-hadoop-common-project_hadoop-common.txt
          unit https://builds.apache.org/job/PreCommit-HADOOP-Build/8812/artifact/patchprocess/patch-unit-hadoop-common-project_hadoop-common-jdk1.7.0_95.txt
          unit test logs https://builds.apache.org/job/PreCommit-HADOOP-Build/8812/artifact/patchprocess/patch-unit-hadoop-common-project_hadoop-common-jdk1.7.0_95.txt
          JDK v1.7.0_95 Test Results https://builds.apache.org/job/PreCommit-HADOOP-Build/8812/testReport/
          modules C: hadoop-common-project/hadoop-common U: hadoop-common-project/hadoop-common
          Console output https://builds.apache.org/job/PreCommit-HADOOP-Build/8812/console
          Powered by Apache Yetus 0.3.0-SNAPSHOT http://yetus.apache.org

          This message was automatically generated.

          Show
          hadoopqa Hadoop QA added a comment - -1 overall Vote Subsystem Runtime Comment 0 reexec 0m 10s Docker mode activated. +1 @author 0m 0s The patch does not contain any @author tags. -1 test4tests 0m 0s The patch doesn't appear to include any new or modified tests. Please justify why no new tests are needed for this patch. Also please list what manual steps were performed to verify this patch. +1 mvninstall 6m 56s trunk passed +1 compile 7m 31s trunk passed with JDK v1.8.0_74 +1 compile 7m 1s trunk passed with JDK v1.7.0_95 +1 checkstyle 0m 21s trunk passed +1 mvnsite 1m 0s trunk passed +1 mvneclipse 0m 13s trunk passed +1 findbugs 1m 37s trunk passed +1 javadoc 1m 3s trunk passed with JDK v1.8.0_74 +1 javadoc 1m 6s trunk passed with JDK v1.7.0_95 +1 mvninstall 0m 42s the patch passed +1 compile 7m 22s the patch passed with JDK v1.8.0_74 -1 javac 12m 1s root-jdk1.8.0_74 with JDK v1.8.0_74 generated 1 new + 737 unchanged - 1 fixed = 738 total (was 738) +1 javac 7m 22s the patch passed +1 compile 7m 2s the patch passed with JDK v1.7.0_95 +1 javac 7m 2s the patch passed -1 checkstyle 0m 20s hadoop-common-project/hadoop-common: patch generated 1 new + 9 unchanged - 0 fixed = 10 total (was 9) +1 mvnsite 0m 56s the patch passed +1 mvneclipse 0m 12s the patch passed +1 whitespace 0m 0s Patch has no whitespace issues. +1 findbugs 1m 50s the patch passed +1 javadoc 1m 2s the patch passed with JDK v1.8.0_74 +1 javadoc 1m 4s the patch passed with JDK v1.7.0_95 +1 unit 8m 18s hadoop-common in the patch passed with JDK v1.8.0_74. -1 unit 8m 1s hadoop-common in the patch failed with JDK v1.7.0_95. +1 asflicense 0m 21s Patch does not generate ASF License warnings. 65m 14s Reason Tests JDK v1.7.0_95 Failed junit tests hadoop.net.TestClusterTopology Subsystem Report/Notes Docker Image:yetus/hadoop:0ca8df7 JIRA Patch URL https://issues.apache.org/jira/secure/attachment/12791384/HADOOP-12886.001.patch JIRA Issue HADOOP-12886 Optional Tests asflicense compile javac javadoc mvninstall mvnsite unit findbugs checkstyle uname Linux 09e45edacf92 3.13.0-36-lowlatency #63-Ubuntu SMP PREEMPT Wed Sep 3 21:56:12 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux Build tool maven Personality /testptch/hadoop/patchprocess/precommit/personality/provided.sh git revision trunk / 391da36 Default Java 1.7.0_95 Multi-JDK versions /usr/lib/jvm/java-8-oracle:1.8.0_74 /usr/lib/jvm/java-7-openjdk-amd64:1.7.0_95 findbugs v3.0.0 javac root-jdk1.8.0_74: https://builds.apache.org/job/PreCommit-HADOOP-Build/8812/artifact/patchprocess/diff-compile-javac-root-jdk1.8.0_74.txt checkstyle https://builds.apache.org/job/PreCommit-HADOOP-Build/8812/artifact/patchprocess/diff-checkstyle-hadoop-common-project_hadoop-common.txt unit https://builds.apache.org/job/PreCommit-HADOOP-Build/8812/artifact/patchprocess/patch-unit-hadoop-common-project_hadoop-common-jdk1.7.0_95.txt unit test logs https://builds.apache.org/job/PreCommit-HADOOP-Build/8812/artifact/patchprocess/patch-unit-hadoop-common-project_hadoop-common-jdk1.7.0_95.txt JDK v1.7.0_95 Test Results https://builds.apache.org/job/PreCommit-HADOOP-Build/8812/testReport/ modules C: hadoop-common-project/hadoop-common U: hadoop-common-project/hadoop-common Console output https://builds.apache.org/job/PreCommit-HADOOP-Build/8812/console Powered by Apache Yetus 0.3.0-SNAPSHOT http://yetus.apache.org This message was automatically generated.
          Hide
          zhz Zhe Zhang added a comment -

          Thanks Wei-Chiu. Patch LGTM overall. I just triggered Jenkins. A few minors:

          1. Empty line change in init doesn't seem necessary
          2. "LOG.debug("Disable cipher suite {}.", cipherName);" => disabling?
          3. Can we have a unit test?
          Show
          zhz Zhe Zhang added a comment - Thanks Wei-Chiu. Patch LGTM overall. I just triggered Jenkins. A few minors: Empty line change in init doesn't seem necessary "LOG.debug("Disable cipher suite {}.", cipherName);" => disabling? Can we have a unit test?
          Hide
          jojochuang Wei-Chiu Chuang added a comment -

          Rev01: initial patch for SSLFactory to exclude cipher suites listed listed in ssl-server.xml.

          I have tested this patch on a CDH cluster, and this is the result of opening an SSL connection using excluded cipher suites to a data node web URL:

          openssl s_client -connect weichiu-cipher-2.vpc.cloudera.com:20004 -cipher RC4-SHA
          CONNECTED(00000003)
          139952247441224:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:184:
          ---
          no peer certificate available
          ---
          No client certificate CA names sent
          ---
          SSL handshake has read 0 bytes and written 99 bytes
          ---
          New, (NONE), Cipher is (NONE)
          Secure Renegotiation IS NOT supported
          Compression: NONE
          Expansion: NONE
          ---
          

          I'll include test cases in the next revision.

          Show
          jojochuang Wei-Chiu Chuang added a comment - Rev01: initial patch for SSLFactory to exclude cipher suites listed listed in ssl-server.xml. I have tested this patch on a CDH cluster, and this is the result of opening an SSL connection using excluded cipher suites to a data node web URL: openssl s_client -connect weichiu-cipher-2.vpc.cloudera.com:20004 -cipher RC4-SHA CONNECTED(00000003) 139952247441224:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:184: --- no peer certificate available --- No client certificate CA names sent --- SSL handshake has read 0 bytes and written 99 bytes --- New, (NONE), Cipher is (NONE) Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE --- I'll include test cases in the next revision.

            People

            • Assignee:
              jojochuang Wei-Chiu Chuang
              Reporter:
              jojochuang Wei-Chiu Chuang
            • Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Development