You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@zookeeper.apache.org by af...@apache.org on 2018/01/30 20:57:03 UTC
zookeeper git commit: ZOOKEEPER-2949: using hostname and port to
create SSLEngine
Repository: zookeeper
Updated Branches:
refs/heads/master d1b07d588 -> 66554218a
ZOOKEEPER-2949: using hostname and port to create SSLEngine
If the server has more than one host name, and serve each host name with different certificates. then the ssl client must provide the server name in the ssl Hello packet, to tell the server which certificate to use.
This is especially important when the client connect to a load balancer with different backend services.
https://en.wikipedia.org/wiki/Server_Name_Indication
Author: f00231050 <sh...@huawei.com>
Reviewers: Andor Molnár <an...@cloudera.com>, Abraham Fine <af...@apache.org>
Closes #423 from abel-von/ZOOKEEPER-2949
Project: http://git-wip-us.apache.org/repos/asf/zookeeper/repo
Commit: http://git-wip-us.apache.org/repos/asf/zookeeper/commit/66554218
Tree: http://git-wip-us.apache.org/repos/asf/zookeeper/tree/66554218
Diff: http://git-wip-us.apache.org/repos/asf/zookeeper/diff/66554218
Branch: refs/heads/master
Commit: 66554218a557cbc86924354bdb20e20b20ff934f
Parents: d1b07d5
Author: Feng Shaobao <ha...@huawei.com>
Authored: Tue Jan 30 12:56:37 2018 -0800
Committer: Abraham Fine <af...@apache.org>
Committed: Tue Jan 30 12:56:37 2018 -0800
----------------------------------------------------------------------
.../org/apache/zookeeper/ClientCnxnSocketNetty.java | 12 ++++++++++--
1 file changed, 10 insertions(+), 2 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/zookeeper/blob/66554218/src/java/main/org/apache/zookeeper/ClientCnxnSocketNetty.java
----------------------------------------------------------------------
diff --git a/src/java/main/org/apache/zookeeper/ClientCnxnSocketNetty.java b/src/java/main/org/apache/zookeeper/ClientCnxnSocketNetty.java
old mode 100644
new mode 100755
index 97af9da..ec789cb
--- a/src/java/main/org/apache/zookeeper/ClientCnxnSocketNetty.java
+++ b/src/java/main/org/apache/zookeeper/ClientCnxnSocketNetty.java
@@ -112,7 +112,7 @@ public class ClientCnxnSocketNetty extends ClientCnxnSocket {
ClientBootstrap bootstrap = new ClientBootstrap(channelFactory);
- bootstrap.setPipelineFactory(new ZKClientPipelineFactory());
+ bootstrap.setPipelineFactory(new ZKClientPipelineFactory(addr.getHostString(), addr.getPort()));
bootstrap.setOption("soLinger", -1);
bootstrap.setOption("tcpNoDelay", true);
@@ -340,6 +340,7 @@ public class ClientCnxnSocketNetty extends ClientCnxnSocket {
return instance;
}
}
+
/**
* ZKClientPipelineFactory is the netty pipeline factory for this netty
* connection implementation.
@@ -347,6 +348,13 @@ public class ClientCnxnSocketNetty extends ClientCnxnSocket {
private class ZKClientPipelineFactory implements ChannelPipelineFactory {
private SSLContext sslContext = null;
private SSLEngine sslEngine = null;
+ private String host;
+ private int port;
+
+ public ZKClientPipelineFactory(String host, int port) {
+ this.host = host;
+ this.port = port;
+ }
@Override
public ChannelPipeline getPipeline() throws Exception {
@@ -363,7 +371,7 @@ public class ClientCnxnSocketNetty extends ClientCnxnSocket {
private synchronized void initSSL(ChannelPipeline pipeline) throws SSLContextException {
if (sslContext == null || sslEngine == null) {
sslContext = X509Util.createSSLContext(clientConfig);
- sslEngine = sslContext.createSSLEngine();
+ sslEngine = sslContext.createSSLEngine(host,port);
sslEngine.setUseClientMode(true);
}
pipeline.addLast("ssl", new SslHandler(sslEngine));