flume-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From hshreedha...@apache.org
Subject [1/2] flume git commit: FLUME-2548: Enable SSLv2Hello for Avro Source and NettyAvroRpcClient
Date Wed, 12 Nov 2014 19:51:54 GMT
Repository: flume
Updated Branches:
  refs/heads/flume-1.5 451fad027 -> 3aceda6eb


FLUME-2548: Enable SSLv2Hello for Avro Source and NettyAvroRpcClient

(Hari Shreedharan via Jarek Jarcec Cecho)


Project: http://git-wip-us.apache.org/repos/asf/flume/repo
Commit: http://git-wip-us.apache.org/repos/asf/flume/commit/2a591110
Tree: http://git-wip-us.apache.org/repos/asf/flume/tree/2a591110
Diff: http://git-wip-us.apache.org/repos/asf/flume/diff/2a591110

Branch: refs/heads/flume-1.5
Commit: 2a59111090433a49ef2bad56219c4838277238dc
Parents: 451fad0
Author: Jarek Jarcec Cecho <jarcec@apache.org>
Authored: Wed Nov 12 06:16:47 2014 -0800
Committer: Hari Shreedharan <hshreedharan@apache.org>
Committed: Wed Nov 12 11:50:30 2014 -0800

----------------------------------------------------------------------
 .../java/org/apache/flume/source/AvroSource.java | 19 +++++++++++--------
 flume-ng-doc/sphinx/FlumeUserGuide.rst           |  2 +-
 .../org/apache/flume/api/NettyAvroRpcClient.java | 15 +++++++++++----
 3 files changed, 23 insertions(+), 13 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/flume/blob/2a591110/flume-ng-core/src/main/java/org/apache/flume/source/AvroSource.java
----------------------------------------------------------------------
diff --git a/flume-ng-core/src/main/java/org/apache/flume/source/AvroSource.java b/flume-ng-core/src/main/java/org/apache/flume/source/AvroSource.java
index 59ee43a..6eb6a0a 100644
--- a/flume-ng-core/src/main/java/org/apache/flume/source/AvroSource.java
+++ b/flume-ng-core/src/main/java/org/apache/flume/source/AvroSource.java
@@ -25,11 +25,7 @@ import java.io.FileInputStream;
 import java.net.InetSocketAddress;
 import java.security.KeyStore;
 import java.security.Security;
-import java.util.ArrayList;
-import java.util.Arrays;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
+import java.util.*;
 import java.util.concurrent.Executors;
 import java.util.concurrent.ScheduledExecutorService;
 import java.util.concurrent.TimeUnit;
@@ -149,7 +145,7 @@ public class AvroSource extends AbstractSource implements EventDrivenSource,
   private String keystore;
   private String keystorePassword;
   private String keystoreType;
-  private List<String> excludeProtocols;
+  private final List<String> excludeProtocols = new LinkedList<String>();
   private boolean enableSsl = false;
   private boolean enableIpFilter;
   private String patternRuleConfigDefinition;
@@ -181,8 +177,15 @@ public class AvroSource extends AbstractSource implements EventDrivenSource,
     keystore = context.getString(KEYSTORE_KEY);
     keystorePassword = context.getString(KEYSTORE_PASSWORD_KEY);
     keystoreType = context.getString(KEYSTORE_TYPE_KEY, "JKS");
-    excludeProtocols = Arrays.asList(
-        context.getString(EXCLUDE_PROTOCOLS, "SSLv2Hello SSLv3").split(" "));
+    String excludeProtocolsStr = context.getString(EXCLUDE_PROTOCOLS);
+    if (excludeProtocolsStr == null) {
+      excludeProtocols.add("SSLv3");
+    } else {
+      excludeProtocols.addAll(Arrays.asList(excludeProtocolsStr.split(" ")));
+      if (!excludeProtocols.contains("SSLv3")) {
+        excludeProtocols.add("SSLv3");
+      }
+    }
 
     if (enableSsl) {
       Preconditions.checkNotNull(keystore,

http://git-wip-us.apache.org/repos/asf/flume/blob/2a591110/flume-ng-doc/sphinx/FlumeUserGuide.rst
----------------------------------------------------------------------
diff --git a/flume-ng-doc/sphinx/FlumeUserGuide.rst b/flume-ng-doc/sphinx/FlumeUserGuide.rst
index c70f6de..2da8092 100644
--- a/flume-ng-doc/sphinx/FlumeUserGuide.rst
+++ b/flume-ng-doc/sphinx/FlumeUserGuide.rst
@@ -705,7 +705,7 @@ ssl                  false             Set this to true to enable SSL
encryption
 keystore             --                This is the path to a Java keystore file. Required
for SSL.
 keystore-password    --                The password for the Java keystore. Required for SSL.
 keystore-type        JKS               The type of the Java keystore. This can be "JKS" or
"PKCS12".
-exclude-protocols    SSLv2Hello SSLv3  Space-separated list of SSL/TLS protocols to exclude
+exclude-protocols    SSLv3             Space-separated list of SSL/TLS protocols to exclude.
SSLv3 will always be excluded in addition to the protocols specified.
 ipFilter             false             Set this to true to enable ipFiltering for netty
 ipFilter.rules       --                Define N netty ipFilter pattern rules with this config.
 ==================   ================  ===================================================

http://git-wip-us.apache.org/repos/asf/flume/blob/2a591110/flume-ng-sdk/src/main/java/org/apache/flume/api/NettyAvroRpcClient.java
----------------------------------------------------------------------
diff --git a/flume-ng-sdk/src/main/java/org/apache/flume/api/NettyAvroRpcClient.java b/flume-ng-sdk/src/main/java/org/apache/flume/api/NettyAvroRpcClient.java
index ad9b580..3661672 100644
--- a/flume-ng-sdk/src/main/java/org/apache/flume/api/NettyAvroRpcClient.java
+++ b/flume-ng-sdk/src/main/java/org/apache/flume/api/NettyAvroRpcClient.java
@@ -96,7 +96,7 @@ implements RpcClient {
   private String truststore;
   private String truststorePassword;
   private String truststoreType;
-  private List<String> excludeProtocols;
+  private final List<String> excludeProtocols = new LinkedList<String>();
 
   private Transceiver transceiver;
   private AvroSourceProtocol.Callback avroClient;
@@ -607,9 +607,16 @@ implements RpcClient {
         RpcClientConfigurationConstants.CONFIG_TRUSTSTORE_PASSWORD);
     truststoreType = properties.getProperty(
         RpcClientConfigurationConstants.CONFIG_TRUSTSTORE_TYPE, "JKS");
-    excludeProtocols = Arrays.asList(properties.getProperty(
-        RpcClientConfigurationConstants.CONFIG_EXCLUDE_PROTOCOLS, "SSLv2Hello SSLv3")
-        .split(" "));
+    String excludeProtocolsStr = properties.getProperty(
+      RpcClientConfigurationConstants.CONFIG_EXCLUDE_PROTOCOLS);
+    if (excludeProtocolsStr == null) {
+      excludeProtocols.add("SSLv3");
+    } else {
+      excludeProtocols.addAll(Arrays.asList(excludeProtocolsStr.split(" ")));
+      if (!excludeProtocols.contains("SSLv3")) {
+        excludeProtocols.add("SSLv3");
+      }
+    }
 
     String maxIoWorkersStr = properties.getProperty(
       RpcClientConfigurationConstants.MAX_IO_WORKERS);


Mime
View raw message