knox-dev mailing list archives

From "Larry McCay (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (KNOX-733) Add support for custom truststore to Knox shell client
Date Wed, 07 Sep 2016 21:05:20 GMT

    [ https://issues.apache.org/jira/browse/KNOX-733?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15471802#comment-15471802 ]

Larry McCay commented on KNOX-733:
----------------------------------

To provide a way for demos to not require truststores, I've added a new login method called
loginInsecure(). This mode of the programming model will warn the user running it with the
following in stdout:

{code}
**************** WARNING ******************
This is an insecure client instance and may
leave the interactions subject to a man in
the middle attack. Please use the login()
method instead of loginInsecure() for any
sensitive or production usecases.
*******************************************
{code}

I've also tried to add additional context information to the possible errors for truststore
discovery.

The most common issue however will end up being an SSLHandshakeException when the presented
cert can't be verified.

> Add support for custom truststore to Knox shell client
> ------------------------------------------------------
>
>                 Key: KNOX-733
>                 URL: https://issues.apache.org/jira/browse/KNOX-733
>             Project: Apache Knox
>          Issue Type: Bug
>            Reporter: chris snow
>            Assignee: Larry McCay
>             Fix For: 0.10.0
>
>         Attachments: KNOX-733-001.patch
>
>
> The Knox shell client does not verify the certificate of the server.  
> One option would be to provide another method where developers can provide their own client, e.g.
> public static Hadoop login( String url, String username, String password, HttpClient client ) throws URISyntaxException { }
> https://github.com/apache/knox/blob/master/gateway-shell/src/main/java/org/apache/hadoop/gateway/shell/Hadoop.java#L60
> I can provide a patch if you are happy with this approach.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
