Posted to commits@nutch.apache.org by sn...@apache.org on 2022/08/09 07:27:35 UTC

[nutch] 01/03: NUTCH-2936 Early registration of URL stream handlers provided by plugins may fail Hadoop jobs running in distributed mode if protocol-okhttp is used - protocol-okhttp: initialize SSLContext used to ignore SSL/TLS certificate verificiation not in a static code block

This is an automated email from the ASF dual-hosted git repository.

snagel pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/nutch.git

commit 03e0ffda4e0c7a31c033541e937a742fe798608a
Author: Sebastian Nagel <sn...@apache.org>
AuthorDate: Tue Jun 14 11:00:31 2022 +0200

    NUTCH-2936 Early registration of URL stream handlers provided by plugins may fail Hadoop jobs running in distributed mode if protocol-okhttp is used
    - protocol-okhttp: initialize SSLContext used to ignore SSL/TLS certificate verification
      not in a static code block
---
 .../org/apache/nutch/protocol/okhttp/OkHttp.java   | 29 +++++++++-------------
 1 file changed, 12 insertions(+), 17 deletions(-)

diff --git a/src/plugin/protocol-okhttp/src/java/org/apache/nutch/protocol/okhttp/OkHttp.java b/src/plugin/protocol-okhttp/src/java/org/apache/nutch/protocol/okhttp/OkHttp.java
index d5ab77ec5..9cf977914 100644
--- a/src/plugin/protocol-okhttp/src/java/org/apache/nutch/protocol/okhttp/OkHttp.java
+++ b/src/plugin/protocol-okhttp/src/java/org/apache/nutch/protocol/okhttp/OkHttp.java
@@ -87,21 +87,6 @@ public class OkHttp extends HttpBase {
         }
       } };
 
-  private static final SSLContext trustAllSslContext;
-
-  static {
-    try {
-      trustAllSslContext = SSLContext.getInstance("SSL");
-      trustAllSslContext.init(null, trustAllCerts,
-          new java.security.SecureRandom());
-    } catch (Exception e) {
-      throw new RuntimeException(e);
-    }
-  }
-
-  private static final SSLSocketFactory trustAllSslSocketFactory = trustAllSslContext
-      .getSocketFactory();
-
   public OkHttp() {
     super(LOG);
   }
@@ -126,8 +111,18 @@ public class OkHttp extends HttpBase {
         .readTimeout(this.timeout, TimeUnit.MILLISECONDS);
 
     if (!this.tlsCheckCertificate) {
-      builder.sslSocketFactory(trustAllSslSocketFactory,
-          (X509TrustManager) trustAllCerts[0]);
+      try {
+        SSLContext trustAllSslContext = SSLContext.getInstance("TLS");
+        trustAllSslContext.init(null, trustAllCerts, null);
+        SSLSocketFactory trustAllSslSocketFactory = trustAllSslContext
+            .getSocketFactory();
+        builder.sslSocketFactory(trustAllSslSocketFactory,
+            (X509TrustManager) trustAllCerts[0]);
+      } catch (Exception e) {
+        LOG.error(
+            "Failed to disable TLS certificate verification (property http.tls.certificates.check)",
+            e);
+      }
       builder.hostnameVerifier(new HostnameVerifier() {
         @Override
         public boolean verify(String hostname, SSLSession session) {
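Review bot: If building the trust-all `SSLContext` fails, the new catch block only logs and execution still reaches `builder.hostnameVerifier(...)`, so the client keeps certificate-chain validation but gets the custom hostname verifier (presumably accept-all; its body is outside the hunk). That is a half-applied setting which the error message does not describe. Consider moving the hostname-verifier call inside the `try`, or rethrowing from the catch, so that `http.tls.certificates.check` is applied completely or not at all. The `catch (Exception e)` could also be narrowed to `catch (NoSuchAlgorithmException | KeyManagementException e)`, the two checked exceptions that `getInstance` and `init` declare. Because this branch turns off server authentication, a `LOG.warn` on the success path would let operators see that the crawler is running without TLS verification; the enclosing method starts and ends outside this hunk.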