hadoop-common-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Chris Douglas (JIRA)" <j...@apache.org>
Subject [jira] Commented: (HADOOP-5364) Adding SSL certificate expiration warning to hdfsproxy
Date Tue, 28 Apr 2009 22:37:30 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-5364?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12703864#action_12703864
] 

Chris Douglas commented on HADOOP-5364:
---------------------------------------

As Kan suggested, this should warn for each instance of HsftpFileSystem; this warns once for
the life of the JVM and only one set of certs. If one were to connect to multiple servers
w/ hsftp, only the first would be checked, +/- race conditions.

Simply reading from the config and setting a member variable will work. When performing the
cert expiration check for that handle (should be <= 0), set the member variable to 0 and
dispense with the separate boolean flag. Since open/list are not synchronized, the member
var should be volatile. The synchronization with this approach is not strictly correct; it's
still possible to get multiple warnings from the same handle for multiple threads, but that's
OK.

Other:
* The Date import in HsftpFileSystem is unnecessary
* The expiration threshold property should include the units in which it is expressed. {{ssl.expiration.warn.days}}
seems OK to me
* Instead of setting curTime and performing the conversion for each cert, set the threshold
to curTime + days * ms/day and warn if expTime < that.
* The check should be disabled at the top, not the bottom of the block

> Adding SSL certificate expiration warning to hdfsproxy
> ------------------------------------------------------
>
>                 Key: HADOOP-5364
>                 URL: https://issues.apache.org/jira/browse/HADOOP-5364
>             Project: Hadoop Core
>          Issue Type: Improvement
>          Components: contrib/hdfsproxy
>            Reporter: Kan Zhang
>            Assignee: zhiyong zhang
>         Attachments: HADOOP-5364.patch, HADOOP-5364.patch, HADOOP-5364.patch, HADOOP-5364.patch,
HADOOP-5364.patch, HADOOP-5364.patch
>
>
> SSL certificate warning should be provided on both client and proxy server side.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message