hadoop-common-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Mingliang Liu (JIRA)" <j...@apache.org>
Subject [jira] [Created] (HADOOP-13512) ReloadingX509TrustManager should keep reloading in case of exception
Date Thu, 18 Aug 2016 07:04:20 GMT
Mingliang Liu created HADOOP-13512:
--------------------------------------

             Summary: ReloadingX509TrustManager should keep reloading in case of exception
                 Key: HADOOP-13512
                 URL: https://issues.apache.org/jira/browse/HADOOP-13512
             Project: Hadoop Common
          Issue Type: Bug
          Components: security
    Affects Versions: 2.8.0
            Reporter: Mingliang Liu
            Assignee: Mingliang Liu


{{org.apache.hadoop.security.ssl.TestReloadingX509TrustManager}} checks the key store file's
last modified time to decide whether to reload.  This is to avoid unnecessary reload if the
key store file is not changed. To do this, it maintains an internal state {{lastLoaded}} whenever
it tries to reload a file. It also updates the {{lastLoaded}} variable in case of exception
so failing reload will not be retried until the key store file's last modified time changes
again.

Chances are that the reload happens when the key store file is being written. The reload fails
(probably with EOFException) and won't load until key store files's last modified time changes.
After a short period, the key store file is closed after update. However, the last modified
time may not be updated as if it's in the same precision period (e.g. 1 second). In this case,
the updated key store file is never reloaded.

A simple fix is to update the {{lastLoaded}} only when the reload succeeds. {{ReloadingX509TrustManager}}
will keep reloading in case of exception.

Thoughts?



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: common-dev-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-dev-help@hadoop.apache.org


Mime
View raw message