hadoop-hdfs-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Haohui Mai (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (HDFS-5893) HftpFileSystem.RangeHeaderUrlOpener uses the default URLConnectionFactory which does not import SSL certificates
Date Thu, 06 Feb 2014 05:10:09 GMT

     [ https://issues.apache.org/jira/browse/HDFS-5893?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Haohui Mai updated HDFS-5893:
-----------------------------

    Description: 
When {{HftpFileSystem}} tries to get the data, it create a {{RangeHeaderUrlOpener}} object
to open a HTTP / HTTPS connection to the NN. However, {{HftpFileSystem.RangeHeaderUrlOpener}}
uses the default URLConnectionFactory. It does not import the SSL certificates from ssl-client.xml.
Therefore {{HsftpFileSystem}} fails.

To fix this bug, {{HftpFileSystem.RangeHeaderUrlOpener}} needs to use the same {{URLConnectionFactory}}
as the one used by {{HftpFileSystem}}.

  was:
set dfs.http.policy=HTTPS_ONLY.
And do cat | copyToLocal | get operation on HDFS data using hsftp://NN:NN_HTTPS_PORT.
These operation fails with 'PKIX path building failed' error

RUNNING: hdfs dfs -cat hsftp://NN:NN_HTTPS_PORT/tmp/testfile
cat: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException:
unable to find valid certification path to requested target

-------------
RUNNING: hdfs dfs -copyToLocal hsftp://NN:NN_HTTPS_PORT/tmp/TestFile /etc/tmp/data/file1
copyToLocal: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException:
unable to find valid certification path to requested target

-------------
RUNNING: hdfs dfs -get hsftp://NN:NN_HTTPS_PORT/tmp/TestFile /etc/tmp/data/file1
get: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException:
unable to find valid certification path to requested target


> HftpFileSystem.RangeHeaderUrlOpener uses the default URLConnectionFactory which does
not import SSL certificates
> ----------------------------------------------------------------------------------------------------------------
>
>                 Key: HDFS-5893
>                 URL: https://issues.apache.org/jira/browse/HDFS-5893
>             Project: Hadoop HDFS
>          Issue Type: Bug
>            Reporter: Yesha Vora
>
> When {{HftpFileSystem}} tries to get the data, it create a {{RangeHeaderUrlOpener}} object
to open a HTTP / HTTPS connection to the NN. However, {{HftpFileSystem.RangeHeaderUrlOpener}}
uses the default URLConnectionFactory. It does not import the SSL certificates from ssl-client.xml.
Therefore {{HsftpFileSystem}} fails.
> To fix this bug, {{HftpFileSystem.RangeHeaderUrlOpener}} needs to use the same {{URLConnectionFactory}}
as the one used by {{HftpFileSystem}}.



--
This message was sent by Atlassian JIRA
(v6.1.5#6160)

Mime
View raw message