zookeeper-commits mailing list archives

From af...@apache.org
Subject zookeeper git commit: ZOOKEEPER-2949: using hostname and port to create SSLEngine
Date Tue, 30 Jan 2018 20:57:20 GMT
Repository: zookeeper
Updated Branches:
  refs/heads/branch-3.5 9affdd144 -> 85acd1bed


ZOOKEEPER-2949: using hostname and port to create SSLEngine

If the server has more than one host name and serves each host name with a different certificate,
then the SSL client must provide the server name in the SSL Hello packet, to tell the server
which certificate to use.
This is especially important when the client connects to a load balancer with different backend
services.

https://en.wikipedia.org/wiki/Server_Name_Indication

Author: f00231050 <shaobao.feng@huawei.com>

Reviewers: Andor Molnár <andor@cloudera.com>, Abraham Fine <afine@apache.org>

Closes #423 from abel-von/ZOOKEEPER-2949

(cherry picked from commit 66554218a557cbc86924354bdb20e20b20ff934f)
Signed-off-by: Abraham Fine <afine@apache.org>


Project: http://git-wip-us.apache.org/repos/asf/zookeeper/repo
Commit: http://git-wip-us.apache.org/repos/asf/zookeeper/commit/85acd1be
Tree: http://git-wip-us.apache.org/repos/asf/zookeeper/tree/85acd1be
Diff: http://git-wip-us.apache.org/repos/asf/zookeeper/diff/85acd1be

Branch: refs/heads/branch-3.5
Commit: 85acd1bed41ff207966a5c50a5c7588d05b45250
Parents: 9affdd1
Author: Feng Shaobao <haobao.feng@huawei.com>
Authored: Tue Jan 30 12:56:37 2018 -0800
Committer: Abraham Fine <afine@apache.org>
Committed: Tue Jan 30 12:57:13 2018 -0800

----------------------------------------------------------------------
 .../org/apache/zookeeper/ClientCnxnSocketNetty.java     | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/zookeeper/blob/85acd1be/src/java/main/org/apache/zookeeper/ClientCnxnSocketNetty.java
----------------------------------------------------------------------
diff --git a/src/java/main/org/apache/zookeeper/ClientCnxnSocketNetty.java b/src/java/main/org/apache/zookeeper/ClientCnxnSocketNetty.java
old mode 100644
new mode 100755
index 97af9da..ec789cb
--- a/src/java/main/org/apache/zookeeper/ClientCnxnSocketNetty.java
+++ b/src/java/main/org/apache/zookeeper/ClientCnxnSocketNetty.java
@@ -112,7 +112,7 @@ public class ClientCnxnSocketNetty extends ClientCnxnSocket {
 
         ClientBootstrap bootstrap = new ClientBootstrap(channelFactory);
 
-        bootstrap.setPipelineFactory(new ZKClientPipelineFactory());
+        bootstrap.setPipelineFactory(new ZKClientPipelineFactory(addr.getHostString(), addr.getPort()));
         bootstrap.setOption("soLinger", -1);
         bootstrap.setOption("tcpNoDelay", true);
 
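Review bot: `addr.getHostString()` returns the literal IP text when the address was built from an IP rather than a name, and a JSSE client normally sends no server_name extension for an IP literal, so the SNI benefit described in the commit message applies only to connect strings that use host names. A comment at this call would record that, e.g. `// getHostString() avoids a reverse DNS lookup; it yields an IP literal when no host name was supplied, and then no SNI is sent`. The file mode also changes from 100644 to 100755 in this commit, which looks unintended for a Java source file. The enclosing method starts and ends outside the hunk.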
@@ -340,6 +340,7 @@ public class ClientCnxnSocketNetty extends ClientCnxnSocket {
             return instance;
         }
     }
+
     /**
      * ZKClientPipelineFactory is the netty pipeline factory for this netty
      * connection implementation.
@@ -347,6 +348,13 @@ public class ClientCnxnSocketNetty extends ClientCnxnSocket {
     private class ZKClientPipelineFactory implements ChannelPipelineFactory {
         private SSLContext sslContext = null;
         private SSLEngine sslEngine = null;
+        private String host;
+        private int port;
+
+        public ZKClientPipelineFactory(String host, int port) {
+            this.host = host;
+            this.port = port;
+        }
 
         @Override
         public ChannelPipeline getPipeline() throws Exception {
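Review bot: The new `host` and `port` fields are assigned once in the constructor and never reassigned in the visible lines, so they should be declared `private final String host;` and `private final int port;`, making it explicit that `initSSL` always reads the peer identity fixed at construction. A short Javadoc on the constructor would also help, stating that the two values are handed to `SSLContext.createSSLEngine` as the peer host and port and that `host` may be an IP literal. The class body continues outside the hunk.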
@@ -363,7 +371,7 @@ public class ClientCnxnSocketNetty extends ClientCnxnSocket {
         private synchronized void initSSL(ChannelPipeline pipeline) throws SSLContextException
{
             if (sslContext == null || sslEngine == null) {
                 sslContext = X509Util.createSSLContext(clientConfig);
-                sslEngine = sslContext.createSSLEngine();
+                sslEngine = sslContext.createSSLEngine(host,port);
                 sslEngine.setUseClientMode(true);
             }
             pipeline.addLast("ssl", new SslHandler(sslEngine));
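Review bot: Passing `host` and `port` to `createSSLEngine` in `initSSL` gives the engine peer hints for SNI and session reuse, but it does not make the client check the server certificate against that name, and nothing in the visible lines sets an endpoint identification algorithm. Unless the trust manager built by `X509Util.createSSLContext` already verifies the host name (not visible here), consider adding `SSLParameters p = sslEngine.getSSLParameters(); p.setEndpointIdentificationAlgorithm("HTTPS"); sslEngine.setSSLParameters(p);` after `setUseClientMode(true)`. It may need to sit behind a client configuration switch if existing deployments connect by IP address. As a style point, `createSSLEngine(host,port)` is missing the space after the comma. The body of `initSSL` continues outside the hunk.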

