hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Thomas Marquardt (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-16460) ABFS: fix for Sever Name Indication (SNI)
Date Tue, 30 Jul 2019 03:00:00 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-16460?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16895721#comment-16895721
] 

Thomas Marquardt commented on HADOOP-16460:
-------------------------------------------

LGTM  Below are my local test results using a Namespace enabled account in US West:

mvn -T 1C -Dparallel-tests=abfs -Dscale -DtestsThreadCount=8 clean verify

Tests run: 42, Failures: 0, Errors: 0, Skipped: 0

Tests run: 392, Failures: 1, Errors: 0, Skipped: 21

Tests run: 190, Failures: 0, Errors: 0, Skipped: 23

[~snvijaya] before I give my +1 can you explain why it is difficult to add test automation? 
My understanding is that it requires a firewall to block HTTPS connections unless they use
SNI.  Automating a test that enables/disables firewall rules is not something we want, as
it would change the state of the firewall on the machine running the tests and likely cause
problems. Another way to validate it would be to trace the network traffic, which is clearly
non-trivial for TLS connections. I'm ok with there not being test automation and trust the
manual validation work that both you and Vishwajeet did.

[~stevel@apache.org] any concerns?  ABFS is currently the only driver using this and not
having SNI support for is blocking some users from adopting ABFS.  Hopefully this change
will also allow the S3 driver to use wildfly-openssl, but that is tracked by other JIRAs.  

> ABFS: fix for Sever Name Indication (SNI)
> -----------------------------------------
>
>                 Key: HADOOP-16460
>                 URL: https://issues.apache.org/jira/browse/HADOOP-16460
>             Project: Hadoop Common
>          Issue Type: Bug
>          Components: fs/azure
>    Affects Versions: 3.2.0, 3.1.2
>            Reporter: Thomas Marquardt
>            Assignee: Sneha Vijayarajan
>            Priority: Major
>         Attachments: DriverTestResult.log, HADOOP-16460.001.patch
>
>
> We need to update wildfly-openssl to 1.0.7.Final in ./hadoop-project/pom.xml.
>  
> ABFS depends on wildfly-openssl for secure sockets due to the performance improvements.
The current wildfly-openssl does not support Server Name Indication (SNI). A fix was made
in https://github.com/wildfly/wildfly-openssl/issues/59 and there is an official release
of wildfly-openssl with the fix ([https://github.com/wildfly/wildfly-openssl/releases/tag/1.0.7.Final)|https://github.com/wildfly/wildfly-openssl/releases/tag/1.0.7.Final).]. 
The fix has been validated.



--
This message was sent by Atlassian JIRA
(v7.6.14#76016)

---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-issues-help@hadoop.apache.org


Mime
View raw message