You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@nutch.apache.org by sn...@apache.org on 2022/08/09 07:27:35 UTC
[nutch] 01/03: NUTCH-2936 Early registration of URL stream handlers provided by plugins may fail Hadoop jobs running in distributed mode if protocol-okhttp is used - protocol-okhttp: initialize SSLContext used to ignore SSL/TLS certificate verificiation not in a static code block
This is an automated email from the ASF dual-hosted git repository.
snagel pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/nutch.git
commit 03e0ffda4e0c7a31c033541e937a742fe798608a
Author: Sebastian Nagel <sn...@apache.org>
AuthorDate: Tue Jun 14 11:00:31 2022 +0200
NUTCH-2936 Early registration of URL stream handlers provided by plugins may fail Hadoop jobs running in distributed mode if protocol-okhttp is used
- protocol-okhttp: initialize SSLContext used to ignore SSL/TLS certificate verificiation
not in a static code block
---
.../org/apache/nutch/protocol/okhttp/OkHttp.java | 29 +++++++++-------------
1 file changed, 12 insertions(+), 17 deletions(-)
diff --git a/src/plugin/protocol-okhttp/src/java/org/apache/nutch/protocol/okhttp/OkHttp.java b/src/plugin/protocol-okhttp/src/java/org/apache/nutch/protocol/okhttp/OkHttp.java
index d5ab77ec5..9cf977914 100644
--- a/src/plugin/protocol-okhttp/src/java/org/apache/nutch/protocol/okhttp/OkHttp.java
+++ b/src/plugin/protocol-okhttp/src/java/org/apache/nutch/protocol/okhttp/OkHttp.java
@@ -87,21 +87,6 @@ public class OkHttp extends HttpBase {
}
} };
- private static final SSLContext trustAllSslContext;
-
- static {
- try {
- trustAllSslContext = SSLContext.getInstance("SSL");
- trustAllSslContext.init(null, trustAllCerts,
- new java.security.SecureRandom());
- } catch (Exception e) {
- throw new RuntimeException(e);
- }
- }
-
- private static final SSLSocketFactory trustAllSslSocketFactory = trustAllSslContext
- .getSocketFactory();
-
public OkHttp() {
super(LOG);
}
@@ -126,8 +111,18 @@ public class OkHttp extends HttpBase {
.readTimeout(this.timeout, TimeUnit.MILLISECONDS);
if (!this.tlsCheckCertificate) {
- builder.sslSocketFactory(trustAllSslSocketFactory,
- (X509TrustManager) trustAllCerts[0]);
+ try {
+ SSLContext trustAllSslContext = SSLContext.getInstance("TLS");
+ trustAllSslContext.init(null, trustAllCerts, null);
+ SSLSocketFactory trustAllSslSocketFactory = trustAllSslContext
+ .getSocketFactory();
+ builder.sslSocketFactory(trustAllSslSocketFactory,
+ (X509TrustManager) trustAllCerts[0]);
+ } catch (Exception e) {
+ LOG.error(
+ "Failed to disable TLS certificate verification (property http.tls.certificates.check)",
+ e);
+ }
builder.hostnameVerifier(new HostnameVerifier() {
@Override
public boolean verify(String hostname, SSLSession session) {