Details
-
Improvement
-
Status: Resolved
-
Major
-
Resolution: Fixed
-
None
-
None
-
Reviewed
Description
SSLHostnameVerifier interface/class was copied from other projects without any logging to help troubleshooting SSL certificate related issues. For a misconfigured SSL truststore, we may get some very confusing error message like
>hdfs dfs -cat swebhdfs://NNl/tmp/test1.txt
...
cause:java.io.IOException: DN2:50475: HTTPS hostname wrong: should be <DN2>
cat: DN2:50475: HTTPS hostname wrong: should be <DN2>
This ticket is opened to add tracing to give more useful context information around SSL certificate verification failures inside the following code.
AbstractVerifier#check(String[] host, X509Certificate cert)