ambari-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Tom Beerbower" <tbeerbo...@hortonworks.com>
Subject Review Request 35481: Namenode log contains:javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
Date Tue, 16 Jun 2015 00:06:15 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/35481/
-----------------------------------------------------------

Review request for Ambari, Jonathan Hurley and Robert Levas.


Bugs: AMBARI-11938
    https://issues.apache.org/jira/browse/AMBARI-11938


Repository: ambari


Description
-------

The following is being reported in the namenode logs on a cluster with wire encryption enabled.


    2015-06-05 23:00:17,702 WARN  mortbay.log (Slf4jLog.java:warn(89)) - EXCEPTION 
    javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
    	at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
    	at sun.security.ssl.Alerts.getSSLException(Alerts.java:154)
    	at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1979)
    	at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1086)
    	at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1332)
    	at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1359)
    	at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1343)
    	at org.mortbay.jetty.security.SslSocketConnector$SslConnection.run(SslSocketConnector.java:723)
    	at org.mortbay.thread.QueuedThreadPool$PoolThread.run(QueuedThreadPool.java:582)


Ambari JMX alert checks on a kerberized cluster are polling with curl.  The curl call should
use -k to ignore checking the server's certificates.


Diffs
-----

  ambari-common/src/main/python/resource_management/libraries/functions/curl_krb_request.py
5e7f795 

Diff: https://reviews.apache.org/r/35481/diff/


Testing
-------

Manual tested on wire encryption enabled cluster.  Verfied that exception does not reproduce
with fix.

mvn clean test

all pass


Thanks,

Tom Beerbower


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message