Uploaded image for project: 'Hadoop Common'
  1. Hadoop Common
  2. HADOOP-14341

Support multi-line value for ssl.server.exclude.cipher.list

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.7.4
    • Fix Version/s: 2.9.0, 3.0.0-alpha4, 2.8.2
    • Component/s: None
    • Labels:
      None

      Description

      The multi-line value for ssl.server.exclude.cipher.list shown in ssl-server.xml.exmple does not work. The property value

      <property>
        <name>ssl.server.exclude.cipher.list</name>
        <value>TLS_ECDHE_RSA_WITH_RC4_128_SHA,SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA,
        SSL_RSA_WITH_DES_CBC_SHA,SSL_DHE_RSA_WITH_DES_CBC_SHA,
        SSL_RSA_EXPORT_WITH_RC4_40_MD5,SSL_RSA_EXPORT_WITH_DES40_CBC_SHA,
        SSL_RSA_WITH_RC4_128_MD5</value>
        <description>Optional. The weak security cipher suites that you want excluded
        from SSL communication.</description>
      </property>
      

      is actually parsed into:

      • "TLS_ECDHE_RSA_WITH_RC4_128_SHA"
      • "SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA"
      • "\nSSL_RSA_WITH_DES_CBC_SHA"
      • "SSL_DHE_RSA_WITH_DES_CBC_SHA"
      • "\nSSL_RSA_EXPORT_WITH_RC4_40_MD5"
      • "SSL_RSA_EXPORT_WITH_DES40_CBC_SHA"
      • "\nSSL_RSA_WITH_RC4_128_MD5"
      1. HADOOP-14341.003.patch
        11 kB
        John Zhuge
      2. HADOOP-14341.002.patch
        11 kB
        John Zhuge
      3. HADOOP-14341.001.patch
        11 kB
        John Zhuge

        Issue Links

          Activity

          Hide
          vinodkv Vinod Kumar Vavilapalli added a comment -

          2.8.1 became a security release. Moving fix-version to 2.8.2 after the fact.

          Show
          vinodkv Vinod Kumar Vavilapalli added a comment - 2.8.1 became a security release. Moving fix-version to 2.8.2 after the fact.
          Hide
          hudson Hudson added a comment -

          SUCCESS: Integrated in Jenkins build Hadoop-trunk-Commit #11632 (See https://builds.apache.org/job/Hadoop-trunk-Commit/11632/)
          HADOOP-14341. Support multi-line value for (jzhuge: rev 9ccb849eb69f05bccc3435306ec4bde104e411bf)

          • (edit) hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/conf/ConfigRedactor.java
          • (edit) hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/util/StringUtils.java
          • (edit) hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/ssl/SSLFactory.java
          • (edit) hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/ssl/TestSSLFactory.java
          • (edit) hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/http/TestSSLHttpServer.java
          • (edit) hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/http/HttpServer2.java
          Show
          hudson Hudson added a comment - SUCCESS: Integrated in Jenkins build Hadoop-trunk-Commit #11632 (See https://builds.apache.org/job/Hadoop-trunk-Commit/11632/ ) HADOOP-14341 . Support multi-line value for (jzhuge: rev 9ccb849eb69f05bccc3435306ec4bde104e411bf) (edit) hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/conf/ConfigRedactor.java (edit) hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/util/StringUtils.java (edit) hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/ssl/SSLFactory.java (edit) hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/ssl/TestSSLFactory.java (edit) hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/http/TestSSLHttpServer.java (edit) hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/http/HttpServer2.java
          Hide
          jzhuge John Zhuge added a comment -

          Committed to trunk, branch-2, and branch-2.8.

          Thanks Steve Loughran for the review.

          Show
          jzhuge John Zhuge added a comment - Committed to trunk, branch-2, and branch-2.8. Thanks Steve Loughran for the review.
          Hide
          hadoopqa Hadoop QA added a comment -
          -1 overall



          Vote Subsystem Runtime Comment
          0 reexec 0m 27s Docker mode activated.
          +1 @author 0m 0s The patch does not contain any @author tags.
          +1 test4tests 0m 0s The patch appears to include 2 new or modified test files.
          +1 mvninstall 16m 1s trunk passed
          +1 compile 18m 3s trunk passed
          +1 checkstyle 0m 38s trunk passed
          +1 mvnsite 1m 9s trunk passed
          +1 mvneclipse 0m 23s trunk passed
          -1 findbugs 1m 42s hadoop-common-project/hadoop-common in trunk has 17 extant Findbugs warnings.
          +1 javadoc 0m 52s trunk passed
          +1 mvninstall 0m 50s the patch passed
          +1 compile 15m 29s the patch passed
          +1 javac 15m 29s the patch passed
          +1 checkstyle 0m 42s the patch passed
          +1 mvnsite 1m 3s the patch passed
          +1 mvneclipse 0m 21s the patch passed
          +1 whitespace 0m 0s The patch has no whitespace issues.
          +1 findbugs 1m 44s the patch passed
          +1 javadoc 0m 52s the patch passed
          +1 unit 8m 42s hadoop-common in the patch passed.
          +1 asflicense 0m 45s The patch does not generate ASF License warnings.
          71m 45s



          Subsystem Report/Notes
          Docker Image:yetus/hadoop:0ac17dc
          JIRA Issue HADOOP-14341
          JIRA Patch URL https://issues.apache.org/jira/secure/attachment/12864611/HADOOP-14341.003.patch
          Optional Tests asflicense compile javac javadoc mvninstall mvnsite unit findbugs checkstyle
          uname Linux 6820ec7f241d 3.13.0-107-generic #154-Ubuntu SMP Tue Dec 20 09:57:27 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
          Build tool maven
          Personality /testptch/hadoop/patchprocess/precommit/personality/provided.sh
          git revision trunk / fda86ef
          Default Java 1.8.0_121
          findbugs v3.1.0-RC1
          findbugs https://builds.apache.org/job/PreCommit-HADOOP-Build/12159/artifact/patchprocess/branch-findbugs-hadoop-common-project_hadoop-common-warnings.html
          Test Results https://builds.apache.org/job/PreCommit-HADOOP-Build/12159/testReport/
          modules C: hadoop-common-project/hadoop-common U: hadoop-common-project/hadoop-common
          Console output https://builds.apache.org/job/PreCommit-HADOOP-Build/12159/console
          Powered by Apache Yetus 0.5.0-SNAPSHOT http://yetus.apache.org

          This message was automatically generated.

          Show
          hadoopqa Hadoop QA added a comment - -1 overall Vote Subsystem Runtime Comment 0 reexec 0m 27s Docker mode activated. +1 @author 0m 0s The patch does not contain any @author tags. +1 test4tests 0m 0s The patch appears to include 2 new or modified test files. +1 mvninstall 16m 1s trunk passed +1 compile 18m 3s trunk passed +1 checkstyle 0m 38s trunk passed +1 mvnsite 1m 9s trunk passed +1 mvneclipse 0m 23s trunk passed -1 findbugs 1m 42s hadoop-common-project/hadoop-common in trunk has 17 extant Findbugs warnings. +1 javadoc 0m 52s trunk passed +1 mvninstall 0m 50s the patch passed +1 compile 15m 29s the patch passed +1 javac 15m 29s the patch passed +1 checkstyle 0m 42s the patch passed +1 mvnsite 1m 3s the patch passed +1 mvneclipse 0m 21s the patch passed +1 whitespace 0m 0s The patch has no whitespace issues. +1 findbugs 1m 44s the patch passed +1 javadoc 0m 52s the patch passed +1 unit 8m 42s hadoop-common in the patch passed. +1 asflicense 0m 45s The patch does not generate ASF License warnings. 71m 45s Subsystem Report/Notes Docker Image:yetus/hadoop:0ac17dc JIRA Issue HADOOP-14341 JIRA Patch URL https://issues.apache.org/jira/secure/attachment/12864611/HADOOP-14341.003.patch Optional Tests asflicense compile javac javadoc mvninstall mvnsite unit findbugs checkstyle uname Linux 6820ec7f241d 3.13.0-107-generic #154-Ubuntu SMP Tue Dec 20 09:57:27 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux Build tool maven Personality /testptch/hadoop/patchprocess/precommit/personality/provided.sh git revision trunk / fda86ef Default Java 1.8.0_121 findbugs v3.1.0-RC1 findbugs https://builds.apache.org/job/PreCommit-HADOOP-Build/12159/artifact/patchprocess/branch-findbugs-hadoop-common-project_hadoop-common-warnings.html Test Results https://builds.apache.org/job/PreCommit-HADOOP-Build/12159/testReport/ modules C: hadoop-common-project/hadoop-common U: hadoop-common-project/hadoop-common Console output https://builds.apache.org/job/PreCommit-HADOOP-Build/12159/console Powered by Apache Yetus 0.5.0-SNAPSHOT http://yetus.apache.org This message was automatically generated.
          Hide
          jzhuge John Zhuge added a comment -

          Patch 003

          • Fix checkstyle
          Show
          jzhuge John Zhuge added a comment - Patch 003 Fix checkstyle
          Hide
          jzhuge John Zhuge added a comment -

          Patch 002

          • Steve's comment

          Wait for community input for a few days since the patch changes StringUtils.getTrimmedStrings which impacts Configuration.getTrimmedStrings as well.

          All users of Configuration.getTrimmedStrings will get multi-line property value support for free. Is there any case when multi-line property value is not desired?

          Show
          jzhuge John Zhuge added a comment - Patch 002 Steve's comment Wait for community input for a few days since the patch changes StringUtils.getTrimmedStrings which impacts Configuration.getTrimmedStrings as well. All users of Configuration.getTrimmedStrings will get multi-line property value support for free. Is there any case when multi-line property value is not desired?
          Hide
          stevel@apache.org Steve Loughran added a comment -

          LGTM

          +1, after one minor change: the logDebug line 145 should be guarded to avoid the joinstrings when debug==false

          Show
          stevel@apache.org Steve Loughran added a comment - LGTM +1, after one minor change: the logDebug line 145 should be guarded to avoid the joinstrings when debug==false
          Hide
          hadoopqa Hadoop QA added a comment -
          -1 overall



          Vote Subsystem Runtime Comment
          0 reexec 0m 14s Docker mode activated.
          +1 @author 0m 0s The patch does not contain any @author tags.
          +1 test4tests 0m 0s The patch appears to include 2 new or modified test files.
          +1 mvninstall 13m 39s trunk passed
          +1 compile 16m 5s trunk passed
          +1 checkstyle 0m 37s trunk passed
          +1 mvnsite 1m 5s trunk passed
          +1 mvneclipse 0m 20s trunk passed
          -1 findbugs 1m 26s hadoop-common-project/hadoop-common in trunk has 17 extant Findbugs warnings.
          +1 javadoc 0m 50s trunk passed
          +1 mvninstall 0m 39s the patch passed
          +1 compile 14m 14s the patch passed
          +1 javac 14m 14s the patch passed
          -0 checkstyle 0m 39s hadoop-common-project/hadoop-common: The patch generated 2 new + 170 unchanged - 1 fixed = 172 total (was 171)
          +1 mvnsite 1m 4s the patch passed
          +1 mvneclipse 0m 19s the patch passed
          +1 whitespace 0m 0s The patch has no whitespace issues.
          +1 findbugs 2m 34s the patch passed
          +1 javadoc 1m 12s the patch passed
          +1 unit 10m 7s hadoop-common in the patch passed.
          +1 asflicense 0m 55s The patch does not generate ASF License warnings.
          68m 29s



          Subsystem Report/Notes
          Docker Image:yetus/hadoop:0ac17dc
          JIRA Issue HADOOP-14341
          JIRA Patch URL https://issues.apache.org/jira/secure/attachment/12864466/HADOOP-14341.001.patch
          Optional Tests asflicense compile javac javadoc mvninstall mvnsite unit findbugs checkstyle
          uname Linux 3a0b9758325d 3.13.0-107-generic #154-Ubuntu SMP Tue Dec 20 09:57:27 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
          Build tool maven
          Personality /testptch/hadoop/patchprocess/precommit/personality/provided.sh
          git revision trunk / b080338
          Default Java 1.8.0_121
          findbugs v3.1.0-RC1
          findbugs https://builds.apache.org/job/PreCommit-HADOOP-Build/12150/artifact/patchprocess/branch-findbugs-hadoop-common-project_hadoop-common-warnings.html
          checkstyle https://builds.apache.org/job/PreCommit-HADOOP-Build/12150/artifact/patchprocess/diff-checkstyle-hadoop-common-project_hadoop-common.txt
          Test Results https://builds.apache.org/job/PreCommit-HADOOP-Build/12150/testReport/
          modules C: hadoop-common-project/hadoop-common U: hadoop-common-project/hadoop-common
          Console output https://builds.apache.org/job/PreCommit-HADOOP-Build/12150/console
          Powered by Apache Yetus 0.5.0-SNAPSHOT http://yetus.apache.org

          This message was automatically generated.

          Show
          hadoopqa Hadoop QA added a comment - -1 overall Vote Subsystem Runtime Comment 0 reexec 0m 14s Docker mode activated. +1 @author 0m 0s The patch does not contain any @author tags. +1 test4tests 0m 0s The patch appears to include 2 new or modified test files. +1 mvninstall 13m 39s trunk passed +1 compile 16m 5s trunk passed +1 checkstyle 0m 37s trunk passed +1 mvnsite 1m 5s trunk passed +1 mvneclipse 0m 20s trunk passed -1 findbugs 1m 26s hadoop-common-project/hadoop-common in trunk has 17 extant Findbugs warnings. +1 javadoc 0m 50s trunk passed +1 mvninstall 0m 39s the patch passed +1 compile 14m 14s the patch passed +1 javac 14m 14s the patch passed -0 checkstyle 0m 39s hadoop-common-project/hadoop-common: The patch generated 2 new + 170 unchanged - 1 fixed = 172 total (was 171) +1 mvnsite 1m 4s the patch passed +1 mvneclipse 0m 19s the patch passed +1 whitespace 0m 0s The patch has no whitespace issues. +1 findbugs 2m 34s the patch passed +1 javadoc 1m 12s the patch passed +1 unit 10m 7s hadoop-common in the patch passed. +1 asflicense 0m 55s The patch does not generate ASF License warnings. 68m 29s Subsystem Report/Notes Docker Image:yetus/hadoop:0ac17dc JIRA Issue HADOOP-14341 JIRA Patch URL https://issues.apache.org/jira/secure/attachment/12864466/HADOOP-14341.001.patch Optional Tests asflicense compile javac javadoc mvninstall mvnsite unit findbugs checkstyle uname Linux 3a0b9758325d 3.13.0-107-generic #154-Ubuntu SMP Tue Dec 20 09:57:27 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux Build tool maven Personality /testptch/hadoop/patchprocess/precommit/personality/provided.sh git revision trunk / b080338 Default Java 1.8.0_121 findbugs v3.1.0-RC1 findbugs https://builds.apache.org/job/PreCommit-HADOOP-Build/12150/artifact/patchprocess/branch-findbugs-hadoop-common-project_hadoop-common-warnings.html checkstyle https://builds.apache.org/job/PreCommit-HADOOP-Build/12150/artifact/patchprocess/diff-checkstyle-hadoop-common-project_hadoop-common.txt Test Results https://builds.apache.org/job/PreCommit-HADOOP-Build/12150/testReport/ modules C: hadoop-common-project/hadoop-common U: hadoop-common-project/hadoop-common Console output https://builds.apache.org/job/PreCommit-HADOOP-Build/12150/console Powered by Apache Yetus 0.5.0-SNAPSHOT http://yetus.apache.org This message was automatically generated.
          Hide
          jzhuge John Zhuge added a comment -

          Patch 001

          • Enhance StringUtils.getTrimmedStrings to parse multi-line property values, i.e., comma separated but no comma necessary between 2 lines
          • Enhance unit test TestSSLHttpServer and TestSSLFactory with multi-line strings
          • Modify ConfigRedactor to use StringUtils.getTrimmedStrings

          Testing done

          • Run unit test TestSSLHttpServer, TestSSLFactory, and TestConfigRedactor
          Show
          jzhuge John Zhuge added a comment - Patch 001 Enhance StringUtils.getTrimmedStrings to parse multi-line property values, i.e., comma separated but no comma necessary between 2 lines Enhance unit test TestSSLHttpServer and TestSSLFactory with multi-line strings Modify ConfigRedactor to use StringUtils.getTrimmedStrings Testing done Run unit test TestSSLHttpServer, TestSSLFactory, and TestConfigRedactor

            People

            • Assignee:
              jzhuge John Zhuge
              Reporter:
              jzhuge John Zhuge
            • Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Development