Details

    • Type: Improvement
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 2.9.0, 3.0.0-alpha4
    • Component/s: security
    • Labels:
      None
    • Hadoop Flags:
      Reviewed

      Description

      SSLHostnameVerifier interface/class was copied from other projects without any logging to help troubleshooting SSL certificate related issues. For a misconfigured SSL truststore, we may get some very confusing error message like

      >hdfs dfs -cat swebhdfs://NNl/tmp/test1.txt
      ...
      cause:java.io.IOException: DN2:50475: HTTPS hostname wrong:  should be <DN2>
      cat: DN2:50475: HTTPS hostname wrong:  should be <DN2>
      

      This ticket is opened to add tracing to give more useful context information around SSL certificate verification failures inside the following code.

      AbstractVerifier#check(String[] host, X509Certificate cert) 

        Activity

        Hide
        liuml07 Mingliang Liu added a comment -

        According to the pain in one of our support cases, I strongly +1 on this proposal. Thanks Xiaoyu.

        Show
        liuml07 Mingliang Liu added a comment - According to the pain in one of our support cases, I strongly +1 on this proposal. Thanks Xiaoyu.
        Hide
        xyao Xiaoyu Yao added a comment -

        Thanks Chen Liang for working on this. Patch looks good to me. +1 pending Jenkins.

        Show
        xyao Xiaoyu Yao added a comment - Thanks Chen Liang for working on this. Patch looks good to me. +1 pending Jenkins.
        Hide
        hadoopqa Hadoop QA added a comment -
        -1 overall



        Vote Subsystem Runtime Comment
        0 reexec 0m 20s Docker mode activated.
        +1 @author 0m 0s The patch does not contain any @author tags.
        -1 test4tests 0m 0s The patch doesn't appear to include any new or modified tests. Please justify why no new tests are needed for this patch. Also please list what manual steps were performed to verify this patch.
        +1 mvninstall 13m 36s trunk passed
        +1 compile 10m 44s trunk passed
        +1 checkstyle 0m 38s trunk passed
        +1 mvnsite 1m 14s trunk passed
        +1 mvneclipse 0m 19s trunk passed
        +1 findbugs 1m 37s trunk passed
        +1 javadoc 0m 52s trunk passed
        +1 mvninstall 0m 44s the patch passed
        +1 compile 10m 32s the patch passed
        +1 javac 10m 32s the patch passed
        -0 checkstyle 0m 34s hadoop-common-project/hadoop-common: The patch generated 10 new + 318 unchanged - 1 fixed = 328 total (was 319)
        +1 mvnsite 1m 4s the patch passed
        +1 mvneclipse 0m 19s the patch passed
        +1 whitespace 0m 0s The patch has no whitespace issues.
        +1 findbugs 1m 44s the patch passed
        +1 javadoc 0m 49s the patch passed
        +1 unit 8m 25s hadoop-common in the patch passed.
        +1 asflicense 0m 32s The patch does not generate ASF License warnings.
        55m 11s



        Subsystem Report/Notes
        Docker Image:yetus/hadoop:a9ad5d6
        JIRA Issue HDFS-11302
        JIRA Patch URL https://issues.apache.org/jira/secure/attachment/12846694/HDFS-11302.001.patch
        Optional Tests asflicense compile javac javadoc mvninstall mvnsite unit findbugs checkstyle
        uname Linux d5a4be425ac7 3.13.0-105-generic #152-Ubuntu SMP Fri Dec 2 15:37:11 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
        Build tool maven
        Personality /testptch/hadoop/patchprocess/precommit/personality/provided.sh
        git revision trunk / e692316
        Default Java 1.8.0_111
        findbugs v3.0.0
        checkstyle https://builds.apache.org/job/PreCommit-HDFS-Build/18134/artifact/patchprocess/diff-checkstyle-hadoop-common-project_hadoop-common.txt
        Test Results https://builds.apache.org/job/PreCommit-HDFS-Build/18134/testReport/
        modules C: hadoop-common-project/hadoop-common U: hadoop-common-project/hadoop-common
        Console output https://builds.apache.org/job/PreCommit-HDFS-Build/18134/console
        Powered by Apache Yetus 0.5.0-SNAPSHOT http://yetus.apache.org

        This message was automatically generated.

        Show
        hadoopqa Hadoop QA added a comment - -1 overall Vote Subsystem Runtime Comment 0 reexec 0m 20s Docker mode activated. +1 @author 0m 0s The patch does not contain any @author tags. -1 test4tests 0m 0s The patch doesn't appear to include any new or modified tests. Please justify why no new tests are needed for this patch. Also please list what manual steps were performed to verify this patch. +1 mvninstall 13m 36s trunk passed +1 compile 10m 44s trunk passed +1 checkstyle 0m 38s trunk passed +1 mvnsite 1m 14s trunk passed +1 mvneclipse 0m 19s trunk passed +1 findbugs 1m 37s trunk passed +1 javadoc 0m 52s trunk passed +1 mvninstall 0m 44s the patch passed +1 compile 10m 32s the patch passed +1 javac 10m 32s the patch passed -0 checkstyle 0m 34s hadoop-common-project/hadoop-common: The patch generated 10 new + 318 unchanged - 1 fixed = 328 total (was 319) +1 mvnsite 1m 4s the patch passed +1 mvneclipse 0m 19s the patch passed +1 whitespace 0m 0s The patch has no whitespace issues. +1 findbugs 1m 44s the patch passed +1 javadoc 0m 49s the patch passed +1 unit 8m 25s hadoop-common in the patch passed. +1 asflicense 0m 32s The patch does not generate ASF License warnings. 55m 11s Subsystem Report/Notes Docker Image:yetus/hadoop:a9ad5d6 JIRA Issue HDFS-11302 JIRA Patch URL https://issues.apache.org/jira/secure/attachment/12846694/HDFS-11302.001.patch Optional Tests asflicense compile javac javadoc mvninstall mvnsite unit findbugs checkstyle uname Linux d5a4be425ac7 3.13.0-105-generic #152-Ubuntu SMP Fri Dec 2 15:37:11 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux Build tool maven Personality /testptch/hadoop/patchprocess/precommit/personality/provided.sh git revision trunk / e692316 Default Java 1.8.0_111 findbugs v3.0.0 checkstyle https://builds.apache.org/job/PreCommit-HDFS-Build/18134/artifact/patchprocess/diff-checkstyle-hadoop-common-project_hadoop-common.txt Test Results https://builds.apache.org/job/PreCommit-HDFS-Build/18134/testReport/ modules C: hadoop-common-project/hadoop-common U: hadoop-common-project/hadoop-common Console output https://builds.apache.org/job/PreCommit-HDFS-Build/18134/console Powered by Apache Yetus 0.5.0-SNAPSHOT http://yetus.apache.org This message was automatically generated.
        Hide
        vagarychen Chen Liang added a comment -

        The v001 patch is following the existing style of this class, which is different from Jenkins desired style. This is the cause of all the checkstyle complains here.

        Show
        vagarychen Chen Liang added a comment - The v001 patch is following the existing style of this class, which is different from Jenkins desired style. This is the cause of all the checkstyle complains here.
        Hide
        hadoopqa Hadoop QA added a comment -
        -1 overall



        Vote Subsystem Runtime Comment
        0 reexec 0m 39s Docker mode activated.
        +1 @author 0m 0s The patch does not contain any @author tags.
        -1 test4tests 0m 0s The patch doesn't appear to include any new or modified tests. Please justify why no new tests are needed for this patch. Also please list what manual steps were performed to verify this patch.
        +1 mvninstall 16m 5s trunk passed
        +1 compile 21m 17s trunk passed
        +1 checkstyle 0m 51s trunk passed
        +1 mvnsite 1m 28s trunk passed
        +1 mvneclipse 0m 22s trunk passed
        +1 findbugs 1m 44s trunk passed
        +1 javadoc 0m 55s trunk passed
        +1 mvninstall 0m 50s the patch passed
        +1 compile 17m 15s the patch passed
        +1 javac 17m 15s the patch passed
        -0 checkstyle 0m 44s hadoop-common-project/hadoop-common: The patch generated 10 new + 287 unchanged - 1 fixed = 297 total (was 288)
        +1 mvnsite 1m 18s the patch passed
        +1 mvneclipse 0m 20s the patch passed
        +1 whitespace 0m 0s The patch has no whitespace issues.
        +1 findbugs 1m 52s the patch passed
        +1 javadoc 0m 54s the patch passed
        +1 unit 8m 18s hadoop-common in the patch passed.
        +1 asflicense 0m 29s The patch does not generate ASF License warnings.
        76m 43s



        Subsystem Report/Notes
        Docker Image:yetus/hadoop:a9ad5d6
        JIRA Issue HDFS-11302
        JIRA Patch URL https://issues.apache.org/jira/secure/attachment/12846694/HDFS-11302.001.patch
        Optional Tests asflicense compile javac javadoc mvninstall mvnsite unit findbugs checkstyle
        uname Linux aeb560d43e58 3.13.0-106-generic #153-Ubuntu SMP Tue Dec 6 15:44:32 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
        Build tool maven
        Personality /testptch/hadoop/patchprocess/precommit/personality/provided.sh
        git revision trunk / 063b513
        Default Java 1.8.0_121
        findbugs v3.0.0
        checkstyle https://builds.apache.org/job/PreCommit-HDFS-Build/18877/artifact/patchprocess/diff-checkstyle-hadoop-common-project_hadoop-common.txt
        Test Results https://builds.apache.org/job/PreCommit-HDFS-Build/18877/testReport/
        modules C: hadoop-common-project/hadoop-common U: hadoop-common-project/hadoop-common
        Console output https://builds.apache.org/job/PreCommit-HDFS-Build/18877/console
        Powered by Apache Yetus 0.5.0-SNAPSHOT http://yetus.apache.org

        This message was automatically generated.

        Show
        hadoopqa Hadoop QA added a comment - -1 overall Vote Subsystem Runtime Comment 0 reexec 0m 39s Docker mode activated. +1 @author 0m 0s The patch does not contain any @author tags. -1 test4tests 0m 0s The patch doesn't appear to include any new or modified tests. Please justify why no new tests are needed for this patch. Also please list what manual steps were performed to verify this patch. +1 mvninstall 16m 5s trunk passed +1 compile 21m 17s trunk passed +1 checkstyle 0m 51s trunk passed +1 mvnsite 1m 28s trunk passed +1 mvneclipse 0m 22s trunk passed +1 findbugs 1m 44s trunk passed +1 javadoc 0m 55s trunk passed +1 mvninstall 0m 50s the patch passed +1 compile 17m 15s the patch passed +1 javac 17m 15s the patch passed -0 checkstyle 0m 44s hadoop-common-project/hadoop-common: The patch generated 10 new + 287 unchanged - 1 fixed = 297 total (was 288) +1 mvnsite 1m 18s the patch passed +1 mvneclipse 0m 20s the patch passed +1 whitespace 0m 0s The patch has no whitespace issues. +1 findbugs 1m 52s the patch passed +1 javadoc 0m 54s the patch passed +1 unit 8m 18s hadoop-common in the patch passed. +1 asflicense 0m 29s The patch does not generate ASF License warnings. 76m 43s Subsystem Report/Notes Docker Image:yetus/hadoop:a9ad5d6 JIRA Issue HDFS-11302 JIRA Patch URL https://issues.apache.org/jira/secure/attachment/12846694/HDFS-11302.001.patch Optional Tests asflicense compile javac javadoc mvninstall mvnsite unit findbugs checkstyle uname Linux aeb560d43e58 3.13.0-106-generic #153-Ubuntu SMP Tue Dec 6 15:44:32 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux Build tool maven Personality /testptch/hadoop/patchprocess/precommit/personality/provided.sh git revision trunk / 063b513 Default Java 1.8.0_121 findbugs v3.0.0 checkstyle https://builds.apache.org/job/PreCommit-HDFS-Build/18877/artifact/patchprocess/diff-checkstyle-hadoop-common-project_hadoop-common.txt Test Results https://builds.apache.org/job/PreCommit-HDFS-Build/18877/testReport/ modules C: hadoop-common-project/hadoop-common U: hadoop-common-project/hadoop-common Console output https://builds.apache.org/job/PreCommit-HDFS-Build/18877/console Powered by Apache Yetus 0.5.0-SNAPSHOT http://yetus.apache.org This message was automatically generated.
        Hide
        xiaobingo Xiaobing Zhou added a comment -

        Thanks for the patch Chen Liang. LGTM, +1 non-binding.

        Show
        xiaobingo Xiaobing Zhou added a comment - Thanks for the patch Chen Liang . LGTM, +1 non-binding.
        Hide
        xyao Xiaoyu Yao added a comment -

        +1 for the patch too. I will commit it shortly.

        Show
        xyao Xiaoyu Yao added a comment - +1 for the patch too. I will commit it shortly.
        Hide
        xyao Xiaoyu Yao added a comment - - edited

        Thanks Chen Liang for the contribution and all for the reviews. I've commit the fix to trunk and 2.9.0.

        Show
        xyao Xiaoyu Yao added a comment - - edited Thanks Chen Liang for the contribution and all for the reviews. I've commit the fix to trunk and 2.9.0.
        Hide
        hudson Hudson added a comment -

        SUCCESS: Integrated in Jenkins build Hadoop-trunk-Commit #11538 (See https://builds.apache.org/job/Hadoop-trunk-Commit/11538/)
        HDFS-11302. Improve Logging for SSLHostnameVerifier. Contributed by Chen (xyao: rev 32bb36b750ab656f2f32f6c74eaa1a3e68ae956e)

        • (edit) hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/ssl/SSLHostnameVerifier.java
        Show
        hudson Hudson added a comment - SUCCESS: Integrated in Jenkins build Hadoop-trunk-Commit #11538 (See https://builds.apache.org/job/Hadoop-trunk-Commit/11538/ ) HDFS-11302 . Improve Logging for SSLHostnameVerifier. Contributed by Chen (xyao: rev 32bb36b750ab656f2f32f6c74eaa1a3e68ae956e) (edit) hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/ssl/SSLHostnameVerifier.java
        Hide
        hudson Hudson added a comment -

        SUCCESS: Integrated in Jenkins build Hadoop-trunk-Commit #11591 (See https://builds.apache.org/job/Hadoop-trunk-Commit/11591/)
        HDFS-11302. Improve Logging for SSLHostnameVerifier. Contributed by Chen (xyao: rev 32bb36b750ab656f2f32f6c74eaa1a3e68ae956e)

        • (edit) hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/ssl/SSLHostnameVerifier.java
        Show
        hudson Hudson added a comment - SUCCESS: Integrated in Jenkins build Hadoop-trunk-Commit #11591 (See https://builds.apache.org/job/Hadoop-trunk-Commit/11591/ ) HDFS-11302 . Improve Logging for SSLHostnameVerifier. Contributed by Chen (xyao: rev 32bb36b750ab656f2f32f6c74eaa1a3e68ae956e) (edit) hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/ssl/SSLHostnameVerifier.java

          People

          • Assignee:
            vagarychen Chen Liang
            Reporter:
            xyao Xiaoyu Yao
          • Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development