ambari-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From nc...@apache.org
Subject [31/50] [abbrv] ambari git commit: AMBARI-20049. One way SSL fallback logic can cause some agents to be connected with 2-way SSL (aonishuk)
Date Fri, 17 Feb 2017 22:06:30 GMT
AMBARI-20049. One way SSL fallback logic can cause some agents to be connected with 2-way SSL
(aonishuk)


Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/4eaec8ea
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/4eaec8ea
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/4eaec8ea

Branch: refs/heads/branch-feature-AMBARI-12556
Commit: 4eaec8eab5175303d8ba39439ac60f3deec25f19
Parents: ab53946
Author: Andrew Onishuk <aonishuk@hortonworks.com>
Authored: Thu Feb 16 17:36:27 2017 +0200
Committer: Andrew Onishuk <aonishuk@hortonworks.com>
Committed: Thu Feb 16 17:36:27 2017 +0200

----------------------------------------------------------------------
 .../src/main/python/ambari_agent/security.py       | 17 +++++------------
 .../src/test/python/ambari_agent/TestSecurity.py   |  2 ++
 2 files changed, 7 insertions(+), 12 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/ambari/blob/4eaec8ea/ambari-agent/src/main/python/ambari_agent/security.py
----------------------------------------------------------------------
diff --git a/ambari-agent/src/main/python/ambari_agent/security.py b/ambari-agent/src/main/python/ambari_agent/security.py
index 72ae954..45de7bb 100644
--- a/ambari-agent/src/main/python/ambari_agent/security.py
+++ b/ambari-agent/src/main/python/ambari_agent/security.py
@@ -55,18 +55,11 @@ class VerifiedHTTPSConnection(httplib.HTTPSConnection):
         'Server require two-way SSL authentication. Use it instead of one-way...')
 
     if not self.two_way_ssl_required:
-      try:
-        sock = self.create_connection()
-        self.sock = ssl.wrap_socket(sock, cert_reqs=ssl.CERT_NONE)
-        logger.info('SSL connection established. Two-way SSL authentication is '
-                    'turned off on the server.')
-      except (ssl.SSLError, AttributeError):
-        self.two_way_ssl_required = True
-        logger.info(
-          'Insecure connection to https://' + self.host + ':' + self.port +
-          '/ failed. Reconnecting using two-way SSL authentication..')
-
-    if self.two_way_ssl_required:
+      sock = self.create_connection()
+      self.sock = ssl.wrap_socket(sock, cert_reqs=ssl.CERT_NONE)
+      logger.info('SSL connection established. Two-way SSL authentication is '
+                  'turned off on the server.')
+    else:
       self.certMan = CertificateManager(self.config, self.host)
       self.certMan.initSecurity()
       agent_key = self.certMan.getAgentKeyName()

http://git-wip-us.apache.org/repos/asf/ambari/blob/4eaec8ea/ambari-agent/src/test/python/ambari_agent/TestSecurity.py
----------------------------------------------------------------------
diff --git a/ambari-agent/src/test/python/ambari_agent/TestSecurity.py b/ambari-agent/src/test/python/ambari_agent/TestSecurity.py
index 9e28ae7..c9a7fbe 100644
--- a/ambari-agent/src/test/python/ambari_agent/TestSecurity.py
+++ b/ambari-agent/src/test/python/ambari_agent/TestSecurity.py
@@ -102,6 +102,8 @@ class TestSecurity(unittest.TestCase):
     wrap_socket_mock.side_effect=ssl.SSLError()
     connection = security.VerifiedHTTPSConnection("example.com",
       self.config.get('server', 'secured_url_port'), self.config)
+    self.config.isTwoWaySSLConnection = MagicMock(return_value=True)
+
     connection._tunnel_host = False
     connection.sock = None
     try:


Mime
View raw message