hadoop-hdfs-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Xiaobing Zhou (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HDFS-11302) Improve Logging for SSLHostnameVerifier
Date Wed, 05 Apr 2017 23:33:41 GMT

    [ https://issues.apache.org/jira/browse/HDFS-11302?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15958026#comment-15958026
] 

Xiaobing Zhou commented on HDFS-11302:
--------------------------------------

Thanks for the patch [~vagarychen]. LGTM, +1 non-binding.

> Improve Logging for SSLHostnameVerifier
> ---------------------------------------
>
>                 Key: HDFS-11302
>                 URL: https://issues.apache.org/jira/browse/HDFS-11302
>             Project: Hadoop HDFS
>          Issue Type: Improvement
>          Components: security
>            Reporter: Xiaoyu Yao
>            Assignee: Chen Liang
>         Attachments: HDFS-11302.001.patch
>
>
> SSLHostnameVerifier interface/class was copied from other projects without any logging
to help troubleshooting SSL certificate related issues. For a misconfigured SSL truststore,
we may get some very confusing error message like
> {code}
> >hdfs dfs -cat swebhdfs://NNl/tmp/test1.txt
> ...
> cause:java.io.IOException: DN2:50475: HTTPS hostname wrong:  should be <DN2>
> cat: DN2:50475: HTTPS hostname wrong:  should be <DN2>
> {code}
> This ticket is opened to add tracing to give more useful context information around SSL
certificate verification failures inside the following code.
> {code}AbstractVerifier#check(String[] host, X509Certificate cert) {code}



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

---------------------------------------------------------------------
To unsubscribe, e-mail: hdfs-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: hdfs-issues-help@hadoop.apache.org


Mime
View raw message