From commits-return-6142-archive-asf-public=cust-asf.ponee.io@zookeeper.apache.org Tue Jan 30 21:57:22 2018 Return-Path: X-Original-To: archive-asf-public@eu.ponee.io Delivered-To: archive-asf-public@eu.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by mx-eu-01.ponee.io (Postfix) with ESMTP id C691D18066D for ; Tue, 30 Jan 2018 21:57:22 +0100 (CET) Received: by cust-asf.ponee.io (Postfix) id B4F62160C2A; Tue, 30 Jan 2018 20:57:22 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id 0A104160C53 for ; Tue, 30 Jan 2018 21:57:21 +0100 (CET) Received: (qmail 93143 invoked by uid 500); 30 Jan 2018 20:57:21 -0000 Mailing-List: contact commits-help@zookeeper.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@zookeeper.apache.org Delivered-To: mailing list commits@zookeeper.apache.org Received: (qmail 93132 invoked by uid 99); 30 Jan 2018 20:57:21 -0000 Received: from git1-us-west.apache.org (HELO git1-us-west.apache.org) (140.211.11.23) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 30 Jan 2018 20:57:21 +0000 Received: by git1-us-west.apache.org (ASF Mail Server at git1-us-west.apache.org, from userid 33) id 007A8E178C; Tue, 30 Jan 2018 20:57:20 +0000 (UTC) Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit 
From: afine@apache.org To: commits@zookeeper.apache.org Message-Id: <9b040e6b24bf48e3bc2a486f26bcd088@git.apache.org> X-Mailer: ASF-Git Admin Mailer Subject: zookeeper git commit: ZOOKEEPER-2949: using hostname and port to create SSLEngine Date: Tue, 30 Jan 2018 20:57:20 +0000 (UTC) Repository: zookeeper Updated Branches: refs/heads/branch-3.5 9affdd144 -> 85acd1bed ZOOKEEPER-2949: using hostname and port to create SSLEngine If the server has more than one host name, and serve each host name with different certificates. then the ssl client must provide the server name in the ssl Hello packet, to tell the server which certificate to use. This is especially important when the client connect to a load balancer with different backend services. https://en.wikipedia.org/wiki/Server_Name_Indication Author: f00231050 Reviewers: Andor Molnár , Abraham Fine Closes #423 from abel-von/ZOOKEEPER-2949 (cherry picked from commit 66554218a557cbc86924354bdb20e20b20ff934f) Signed-off-by: Abraham Fine Project: http://git-wip-us.apache.org/repos/asf/zookeeper/repo Commit: http://git-wip-us.apache.org/repos/asf/zookeeper/commit/85acd1be Tree: http://git-wip-us.apache.org/repos/asf/zookeeper/tree/85acd1be Diff: http://git-wip-us.apache.org/repos/asf/zookeeper/diff/85acd1be Branch: refs/heads/branch-3.5 Commit: 85acd1bed41ff207966a5c50a5c7588d05b45250 Parents: 9affdd1 Author: Feng Shaobao Authored: Tue Jan 30 12:56:37 2018 -0800 Committer: Abraham Fine Committed: Tue Jan 30 12:57:13 2018 -0800 ---------------------------------------------------------------------- .../org/apache/zookeeper/ClientCnxnSocketNetty.java | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/zookeeper/blob/85acd1be/src/java/main/org/apache/zookeeper/ClientCnxnSocketNetty.java ---------------------------------------------------------------------- 
diff --git a/src/java/main/org/apache/zookeeper/ClientCnxnSocketNetty.java b/src/java/main/org/apache/zookeeper/ClientCnxnSocketNetty.java
old mode 100644
new mode 100755
index 97af9da..ec789cb
--- a/src/java/main/org/apache/zookeeper/ClientCnxnSocketNetty.java
+++ b/src/java/main/org/apache/zookeeper/ClientCnxnSocketNetty.java
@@ -112,7 +112,7 @@ public class ClientCnxnSocketNetty extends ClientCnxnSocket {
 ClientBootstrap bootstrap = new ClientBootstrap(channelFactory);
- bootstrap.setPipelineFactory(new ZKClientPipelineFactory());
+ bootstrap.setPipelineFactory(new ZKClientPipelineFactory(addr.getHostString(), addr.getPort()));
 bootstrap.setOption("soLinger", -1);
 bootstrap.setOption("tcpNoDelay", true);
@@ -340,6 +340,7 @@ public class ClientCnxnSocketNetty extends ClientCnxnSocket {
 return instance;
 }
 }
+
 /**
 * ZKClientPipelineFactory is the netty pipeline factory for this netty
 * connection implementation.
@@ -347,6 +348,13 @@ public class ClientCnxnSocketNetty extends ClientCnxnSocket {
 private class ZKClientPipelineFactory implements ChannelPipelineFactory {
 private SSLContext sslContext = null;
 private SSLEngine sslEngine = null;
+ private String host;
+ private int port;
+
+ public ZKClientPipelineFactory(String host, int port) {
+ this.host = host;
+ this.port = port;
+ }
 @Override
 public ChannelPipeline getPipeline() throws Exception {
@@ -363,7 +371,7 @@ public class ClientCnxnSocketNetty extends ClientCnxnSocket {
 private synchronized void initSSL(ChannelPipeline pipeline) throws SSLContextException {
 if (sslContext == null || sslEngine == null) {
 sslContext = X509Util.createSSLContext(clientConfig);
- sslEngine = sslContext.createSSLEngine();
+ sslEngine = sslContext.createSSLEngine(host,port);
 sslEngine.setUseClientMode(true);
 }
 pipeline.addLast("ssl", new SslHandler(sslEngine));
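Review bot: The changed `setPipelineFactory` line has an undocumented precondition: `addr.getHostString()` returns an IP literal when `addr` was built from an address rather than a name. JSSE, as far as I know, does not send an IP literal as the SNI server name, so the fix only takes effect when the host name from the connect string survives into `addr`. A comment above the call would record that: `// SNI needs the original host name; getHostString() returns an IP literal if addr carries no name`. The enclosing method starts and ends outside the hunk.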
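Review bot: The new `host` and `port` fields in ZKClientPipelineFactory are assigned only in the constructor within the visible lines and can be declared `final`: `private final String host;` and `private final int port;`. That makes it explicit that the peer identity handed to the SSL engine cannot change after construction, and it gives the values safe publication to whichever thread later runs `initSSL`. The class body continues past the end of the hunk.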
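Review bot: The server certificate is still not checked against `host` in initSSL: `createSSLEngine(host,port)` only supplies the peer name as a hint for SNI and session reuse, and the visible lines set no endpoint identification algorithm. Unless the trust manager built by `X509Util.createSSLContext` already verifies the host name (not visible here), a certificate issued for a different name but chaining to a trusted CA would be accepted. After `setUseClientMode(true)` I would add `SSLParameters p = sslEngine.getSSLParameters();`, `p.setEndpointIdentificationAlgorithm("HTTPS");` and `sslEngine.setSSLParameters(p);`, possibly behind a client config switch for deployments whose certificates lack matching names. The closing brace of initSSL is outside the hunk.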