hadoop-hdfs-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Xiaoyu Yao (JIRA)" <j...@apache.org>
Subject [jira] [Created] (HDFS-11302) Improve Logging for SSLHostnameVerifier
Date Fri, 06 Jan 2017 23:05:58 GMT
Xiaoyu Yao created HDFS-11302:
---------------------------------

             Summary: Improve Logging for SSLHostnameVerifier
                 Key: HDFS-11302
                 URL: https://issues.apache.org/jira/browse/HDFS-11302
             Project: Hadoop HDFS
          Issue Type: Improvement
          Components: security
            Reporter: Xiaoyu Yao
            Assignee: Chen Liang
            Priority: Minor


SSLHostnameVerifier interface/class was copied from other projects without any logging to
help troubleshooting SSL certificate related issues. For a misconfigured SSL truststore, we
may get some very confusing error message like

{code}
>hdfs dfs -cat swebhdfs://NNl/tmp/test1.txt
...
cause:java.io.IOException: DN2:50475: HTTPS hostname wrong:  should be <DN2>
cat: DN2:50475: HTTPS hostname wrong:  should be <DN2>
{code}

This ticket is opened to add tracing to give more useful context information around SSL certificate
verification failures inside the following code.

{code}AbstractVerifier#check(String[] host, X509Certificate cert) {code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: hdfs-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: hdfs-issues-help@hadoop.apache.org


Mime
View raw message