zookeeper-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From hanm <...@git.apache.org>
Subject [GitHub] zookeeper pull request #184: ZOOKEEPER-236: SSL Support for Atomic Broadcast...
Date Fri, 28 Sep 2018 00:03:04 GMT
Github user hanm commented on a diff in the pull request:

    https://github.com/apache/zookeeper/pull/184#discussion_r220733326
  
    --- Diff: src/java/main/org/apache/zookeeper/server/quorum/QuorumCnxManager.java ---
    @@ -632,37 +639,49 @@ synchronized private boolean connectOne(long sid, InetSocketAddress
electionAddr
     
             Socket sock = null;
             try {
    -            LOG.debug("Opening channel to server " + sid);
    -            sock = new Socket();
    -            setSockOpts(sock);
    -            sock.connect(electionAddr, cnxTO);
    -            LOG.debug("Connected to server " + sid);
    +             LOG.debug("Opening channel to server " + sid);
    +             if (self.isSslQuorum()) {
    +                 SSLSocket sslSock = x509Util.createSSLSocket();
    +                 setSockOpts(sslSock);
    +                 sslSock.connect(electionAddr, cnxTO);
    +                 sslSock.startHandshake();
    +                 sock = sslSock;
    +             } else {
    +                 sock = new Socket();
    +                 setSockOpts(sock);
    +                 sock.connect(electionAddr, cnxTO);
    +
    +             }
    +             LOG.debug("Connected to server " + sid);
                 // Sends connection request asynchronously if the quorum
                 // sasl authentication is enabled. This is required because
                 // sasl server authentication process may take few seconds to
                 // finish, this may delay next peer connection requests.
                 if (quorumSaslAuthEnabled) {
                     initiateConnectionAsync(sock, sid);
    -            } else {
    -                initiateConnection(sock, sid);
    -            }
    -            return true;
    -        } catch (UnresolvedAddressException e) {
    -            // Sun doesn't include the address that causes this
    -            // exception to be thrown, also UAE cannot be wrapped cleanly
    -            // so we log the exception in order to capture this critical
    -            // detail.
    -            LOG.warn("Cannot open channel to " + sid
    -                    + " at election address " + electionAddr, e);
    -            closeSocket(sock);
    -            throw e;
    -        } catch (IOException e) {
    -            LOG.warn("Cannot open channel to " + sid
    -                            + " at election address " + electionAddr,
    -                    e);
    +            } else { initiateConnection(sock, sid);
    +            } return true;
    +         } catch (UnresolvedAddressException e) {
    +             // Sun doesn't include the address that causes this
    +             // exception to be thrown, also UAE cannot be wrapped cleanly
    +             // so we log the exception in order to capture this critical
    +             // detail.
    +             LOG.warn("Cannot open channel to " + sid
    +                     + " at election address " + electionAddr, e);
    +             closeSocket(sock);
    +             throw e;} catch (X509Exception e) {
    --- End diff --
    
    nit: start a new line for `} catch (X509Exception e) {`


---

Mime
View raw message