zookeeper-dev mailing list archives

From "Hadoop QA (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (ZOOKEEPER-2949) SSL ServerName not set when using hostname, some proxies may failed to proxy the request.
Date Mon, 18 Dec 2017 07:12:02 GMT

    [ https://issues.apache.org/jira/browse/ZOOKEEPER-2949?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16294586#comment-16294586 ]

Hadoop QA commented on ZOOKEEPER-2949:
--------------------------------------

+1 overall.  GitHub Pull Request  Build
      

    +1 @author.  The patch does not contain any @author tags.

    +0 tests included.  The patch appears to be a documentation patch that doesn't require tests.

    +1 javadoc.  The javadoc tool did not generate any warning messages.

    +1 javac.  The applied patch does not increase the total number of javac compiler warnings.

    +1 findbugs.  The patch does not introduce any new Findbugs (version 3.0.1) warnings.

    +1 release audit.  The applied patch does not increase the total number of release audit warnings.

    +1 core tests.  The patch passed core unit tests.

    +1 contrib tests.  The patch passed contrib unit tests.

Test results: https://builds.apache.org/job/PreCommit-ZOOKEEPER-github-pr-build/1378//testReport/
Findbugs warnings: https://builds.apache.org/job/PreCommit-ZOOKEEPER-github-pr-build/1378//artifact/trunk/build/test/findbugs/newPatchFindbugsWarnings.html
Console output: https://builds.apache.org/job/PreCommit-ZOOKEEPER-github-pr-build/1378//console

This message is automatically generated.

> SSL ServerName not set when using hostname, some proxies may failed to proxy the request.
> -----------------------------------------------------------------------------------------
>
>                 Key: ZOOKEEPER-2949
>                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2949
>             Project: ZooKeeper
>          Issue Type: Bug
>          Components: java client
>    Affects Versions: 3.5.3
>         Environment: In our environment, the zk clusters are all behind a proxy. The proxy decides to transfer the request from the client based on the "ServerName" field in the SSL Hello packet (the proxy serves on SSL only), but the Hello packets that the zk client sent to the proxy do not contain the "ServerName" field. After inspecting the code, we have found that this is because the zk client did not specify the peerHost when initializing the SSLContext.
>            Reporter: Feng Shaobao
>             Fix For: 3.6.0
>
>   Original Estimate: 12h
>  Remaining Estimate: 12h
>
> In our environment, the zk clusters are all behind a proxy. The proxy decides to transfer the request from the client based on the "ServerName" field in the SSL Hello packet (the proxy serves on SSL only), but the Hello packets that the zk client sent to the proxy do not contain the "ServerName" field. After inspecting the code, we have found that this is because the zk client did not specify the peerHost when initializing the SSLContext.
> In the method initSSL of class ZKClientPipelineFactory, it initializes the SSLEngine like below:
> sslEngine = sslContext.createSSLEngine();
> Actually the sslContext provides another factory method that receives the hostName and port parameters.
> public final SSLEngine createSSLEngine(String hostName, int port)
> If we call this method to create the SSLEngine, then the proxy will know which zk cluster it really wants to access.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
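
The difference between the two factory methods quoted in the issue, as an added example (not code from ZooKeeper or from the patch): it builds one client-mode SSLEngine each way, generates the ClientHello in memory, and checks it for the server_name extension (type 0). The class name, hostname and port are constructed, and a current JDK with its default SNI settings is assumed.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import java.nio.ByteBuffer;

public class SniCheck {
    // Generate the ClientHello of a client-mode engine in memory (no network I/O).
    static ByteBuffer clientHello(SSLEngine engine) throws Exception {
        engine.setUseClientMode(true);
        ByteBuffer out = ByteBuffer.allocate(engine.getSession().getPacketBufferSize());
        engine.beginHandshake();
        engine.wrap(ByteBuffer.allocate(0), out);
        out.flip();
        return out;
    }

    // Skip a vector whose length prefix is 1 or 2 bytes wide.
    static void skip(ByteBuffer b, int prefixBytes) {
        int n = prefixBytes == 1 ? b.get() & 0xff : b.getShort() & 0xffff;
        b.position(b.position() + n);
    }

    // Walk the ClientHello and report whether extension type 0 (server_name) is present.
    static boolean hasServerName(ByteBuffer b) {
        b.position(5 + 4 + 2 + 32); // record header, handshake header, version, random
        skip(b, 1);                 // session id
        skip(b, 2);                 // cipher suites
        skip(b, 1);                 // compression methods
        if (b.remaining() < 2) return false; // hello without an extensions block
        int end = (b.getShort() & 0xffff) + b.position();
        while (b.position() + 4 <= end) {
            int type = b.getShort() & 0xffff;
            int len = b.getShort() & 0xffff;
            if (type == 0) return true;
            b.position(b.position() + len);
        }
        return false;
    }

    public static void main(String[] args) throws Exception {
        SSLContext ctx = SSLContext.getDefault();
        String host = "zk1.example.internal"; // constructed hostname (a DNS name, not an IP literal)
        int port = 2281;                      // constructed port
        SSLEngine noPeer = ctx.createSSLEngine();             // the call quoted from initSSL
        SSLEngine withPeer = ctx.createSSLEngine(host, port); // the factory method the issue proposes
        System.out.println("createSSLEngine():           server_name present = " + hasServerName(clientHello(noPeer)));
        System.out.println("createSSLEngine(host, port): server_name present = " + hasServerName(clientHello(withPeer)));
    }
}
```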
