You are viewing a plain text version of this content. The canonical link for it is here.
Posted to common-issues@hadoop.apache.org by GitBox <gi...@apache.org> on 2020/03/06 01:35:39 UTC
[GitHub] [hadoop] jojochuang opened a new pull request #1880: HADOOP-16661.
Support TLS 1.3
jojochuang opened a new pull request #1880: HADOOP-16661. Support TLS 1.3
URL: https://github.com/apache/hadoop/pull/1880
TLS 1.3 is supported in Hadoop 3.3.0 with the update of Jetty 9.4 and Java 11 Runtime.
This patch doesn't add any new capability. It simply adds a new test case to verify TLSv1.3 is enabled on Java 11.
Verified manually by:
```
JAVA_HOME=`/usr/libexec/java_home -v 11` mvn test -Dtest=TestSSLHttpServer#testIncludedProtocols
JAVA_HOME=`/usr/libexec/java_home -v 1.8` mvn test -Dtest=TestSSLHttpServer#testIncludedProtocols
```
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-issues-help@hadoop.apache.org
[GitHub] [hadoop] aajisaka commented on a change in pull request #1880:
HADOOP-16661. Support TLS 1.3
Posted by GitBox <gi...@apache.org>.
aajisaka commented on a change in pull request #1880: HADOOP-16661. Support TLS 1.3
URL: https://github.com/apache/hadoop/pull/1880#discussion_r388757429
##########
File path: hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/http/TestSSLHttpServer.java
##########
@@ -291,13 +294,30 @@ public void testExcludedCiphers() throws Exception {
@Test
public void testIncludedProtocols() throws Exception {
URL url = new URL(baseUrl, SERVLET_PATH_ECHO + "?a=b&c=d");
+
+ String includedProtocols;
+ String version = System.getProperty("java.version");
+ if (version.startsWith("1.")) { // JDK 8
+ includedProtocols = INCLUDED_PROTOCOLS;
+ } else { // JDK 11 and above
+ includedProtocols = INCLUDED_PROTOCOLS_JDK11;
+ }
Review comment:
We can use the utility method and don't have to parse the java.version string. This change can avoid test failure in Java 9 and 10 (corner case).
```suggestion
if (Shell.isJavaVersionAtLeast(11) {
includedProtocols = INCLUDED_PROTOCOLS_JDK11;
} else {
includedProtocols = INCLUDED_PROTOCOLS;
}
```
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-issues-help@hadoop.apache.org
[GitHub] [hadoop] hadoop-yetus commented on issue #1880: HADOOP-16661.
Support TLS 1.3
Posted by GitBox <gi...@apache.org>.
hadoop-yetus commented on issue #1880: HADOOP-16661. Support TLS 1.3
URL: https://github.com/apache/hadoop/pull/1880#issuecomment-596039473
:confetti_ball: **+1 overall**
| Vote | Subsystem | Runtime | Comment |
|:----:|----------:|--------:|:--------|
| +0 :ok: | reexec | 0m 36s | Docker mode activated. |
||| _ Prechecks _ |
| +1 :green_heart: | dupname | 0m 0s | No case conflicting files found. |
| +1 :green_heart: | @author | 0m 0s | The patch does not contain any @author tags. |
| +1 :green_heart: | test4tests | 0m 0s | The patch appears to include 1 new or modified test files. |
||| _ trunk Compile Tests _ |
| +1 :green_heart: | mvninstall | 19m 6s | trunk passed |
| +1 :green_heart: | compile | 17m 1s | trunk passed |
| +1 :green_heart: | checkstyle | 0m 51s | trunk passed |
| +1 :green_heart: | mvnsite | 1m 28s | trunk passed |
| +1 :green_heart: | shadedclient | 17m 1s | branch has no errors when building and testing our client artifacts. |
| +1 :green_heart: | javadoc | 1m 2s | trunk passed |
| +0 :ok: | spotbugs | 2m 9s | Used deprecated FindBugs config; considering switching to SpotBugs. |
| +1 :green_heart: | findbugs | 2m 7s | trunk passed |
||| _ Patch Compile Tests _ |
| +1 :green_heart: | mvninstall | 0m 50s | the patch passed |
| +1 :green_heart: | compile | 16m 14s | the patch passed |
| +1 :green_heart: | javac | 16m 14s | the patch passed |
| -0 :warning: | checkstyle | 0m 48s | hadoop-common-project/hadoop-common: The patch generated 1 new + 0 unchanged - 0 fixed = 1 total (was 0) |
| +1 :green_heart: | mvnsite | 1m 27s | the patch passed |
| +1 :green_heart: | whitespace | 0m 0s | The patch has no whitespace issues. |
| +1 :green_heart: | xml | 0m 2s | The patch has no ill-formed XML file. |
| +1 :green_heart: | shadedclient | 14m 43s | patch has no errors when building and testing our client artifacts. |
| +1 :green_heart: | javadoc | 1m 2s | the patch passed |
| +1 :green_heart: | findbugs | 2m 13s | the patch passed |
||| _ Other Tests _ |
| +1 :green_heart: | unit | 9m 33s | hadoop-common in the patch passed. |
| +1 :green_heart: | asflicense | 0m 55s | The patch does not generate ASF License warnings. |
| | | 108m 8s | |
| Subsystem | Report/Notes |
|----------:|:-------------|
| Docker | Client=19.03.7 Server=19.03.7 base: https://builds.apache.org/job/hadoop-multibranch/job/PR-1880/2/artifact/out/Dockerfile |
| GITHUB PR | https://github.com/apache/hadoop/pull/1880 |
| Optional Tests | dupname asflicense compile javac javadoc mvninstall mvnsite unit shadedclient xml findbugs checkstyle |
| uname | Linux 440d2d7004b8 4.15.0-60-generic #67-Ubuntu SMP Thu Aug 22 16:55:30 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux |
| Build tool | maven |
| Personality | personality/hadoop.sh |
| git revision | trunk / 4062217 |
| Default Java | 1.8.0_242 |
| checkstyle | https://builds.apache.org/job/hadoop-multibranch/job/PR-1880/2/artifact/out/diff-checkstyle-hadoop-common-project_hadoop-common.txt |
| Test Results | https://builds.apache.org/job/hadoop-multibranch/job/PR-1880/2/testReport/ |
| Max. process+thread count | 2793 (vs. ulimit of 5500) |
| modules | C: hadoop-common-project/hadoop-common U: hadoop-common-project/hadoop-common |
| Console output | https://builds.apache.org/job/hadoop-multibranch/job/PR-1880/2/console |
| versions | git=2.7.4 maven=3.3.9 findbugs=3.1.0-RC1 |
| Powered by | Apache Yetus 0.11.1 https://yetus.apache.org |
This message was automatically generated.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-issues-help@hadoop.apache.org
[GitHub] [hadoop] aajisaka commented on a change in pull request #1880:
HADOOP-16661. Support TLS 1.3
Posted by GitBox <gi...@apache.org>.
aajisaka commented on a change in pull request #1880: HADOOP-16661. Support TLS 1.3
URL: https://github.com/apache/hadoop/pull/1880#discussion_r388758041
##########
File path: hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/http/TestSSLHttpServer.java
##########
@@ -291,13 +294,30 @@ public void testExcludedCiphers() throws Exception {
@Test
public void testIncludedProtocols() throws Exception {
URL url = new URL(baseUrl, SERVLET_PATH_ECHO + "?a=b&c=d");
+
+ String includedProtocols;
+ String version = System.getProperty("java.version");
+ if (version.startsWith("1.")) { // JDK 8
+ includedProtocols = INCLUDED_PROTOCOLS;
+ } else { // JDK 11 and above
+ includedProtocols = INCLUDED_PROTOCOLS_JDK11;
+ }
HttpsURLConnection conn =
getConnectionWithPreferredProtocolSSLSocketFactory(url,
- INCLUDED_PROTOCOLS);
+ includedProtocols);
assertFalse("included protocol list is empty",
- INCLUDED_PROTOCOLS.isEmpty());
+ includedProtocols.isEmpty());
readFromConnection(conn);
+
+ PreferredProtocolSSLSocketFactory factory =
+ (PreferredProtocolSSLSocketFactory)conn.getSSLSocketFactory();
+
+ if (version.startsWith("1.")) {
+ assertEquals("TLSv1.2", factory.getSocket().getSession().getProtocol());
+ } else {
+ assertEquals("TLSv1.3", factory.getSocket().getSession().getProtocol());
+ }
Review comment:
This lines can be fixed as well.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-issues-help@hadoop.apache.org
[GitHub] [hadoop] jojochuang commented on issue #1880: HADOOP-16661. Support
TLS 1.3
Posted by GitBox <gi...@apache.org>.
jojochuang commented on issue #1880: HADOOP-16661. Support TLS 1.3
URL: https://github.com/apache/hadoop/pull/1880#issuecomment-598997502
@aajisaka care to review again?
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-issues-help@hadoop.apache.org
[GitHub] [hadoop] jojochuang commented on issue #1880: HADOOP-16661. Support
TLS 1.3
Posted by GitBox <gi...@apache.org>.
jojochuang commented on issue #1880: HADOOP-16661. Support TLS 1.3
URL: https://github.com/apache/hadoop/pull/1880#issuecomment-599679543
Thanks Akira!
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-issues-help@hadoop.apache.org
[GitHub] [hadoop] jojochuang merged pull request #1880: HADOOP-16661.
Support TLS 1.3
Posted by GitBox <gi...@apache.org>.
jojochuang merged pull request #1880: HADOOP-16661. Support TLS 1.3
URL: https://github.com/apache/hadoop/pull/1880
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-issues-help@hadoop.apache.org
[GitHub] [hadoop] hadoop-yetus commented on issue #1880: HADOOP-16661.
Support TLS 1.3
Posted by GitBox <gi...@apache.org>.
hadoop-yetus commented on issue #1880: HADOOP-16661. Support TLS 1.3
URL: https://github.com/apache/hadoop/pull/1880#issuecomment-595581360
:broken_heart: **-1 overall**
| Vote | Subsystem | Runtime | Comment |
|:----:|----------:|--------:|:--------|
| +0 :ok: | reexec | 0m 34s | Docker mode activated. |
||| _ Prechecks _ |
| +1 :green_heart: | dupname | 0m 0s | No case conflicting files found. |
| +1 :green_heart: | @author | 0m 1s | The patch does not contain any @author tags. |
| +1 :green_heart: | test4tests | 0m 0s | The patch appears to include 1 new or modified test files. |
||| _ trunk Compile Tests _ |
| +1 :green_heart: | mvninstall | 19m 49s | trunk passed |
| +1 :green_heart: | compile | 17m 44s | trunk passed |
| +1 :green_heart: | checkstyle | 0m 50s | trunk passed |
| +1 :green_heart: | mvnsite | 1m 36s | trunk passed |
| +1 :green_heart: | shadedclient | 16m 47s | branch has no errors when building and testing our client artifacts. |
| +1 :green_heart: | javadoc | 1m 3s | trunk passed |
| +0 :ok: | spotbugs | 2m 8s | Used deprecated FindBugs config; considering switching to SpotBugs. |
| +1 :green_heart: | findbugs | 2m 6s | trunk passed |
||| _ Patch Compile Tests _ |
| +1 :green_heart: | mvninstall | 0m 52s | the patch passed |
| +1 :green_heart: | compile | 16m 18s | the patch passed |
| +1 :green_heart: | javac | 16m 18s | the patch passed |
| -0 :warning: | checkstyle | 0m 49s | hadoop-common-project/hadoop-common: The patch generated 1 new + 0 unchanged - 0 fixed = 1 total (was 0) |
| +1 :green_heart: | mvnsite | 1m 29s | the patch passed |
| +1 :green_heart: | whitespace | 0m 0s | The patch has no whitespace issues. |
| +1 :green_heart: | xml | 0m 2s | The patch has no ill-formed XML file. |
| +1 :green_heart: | shadedclient | 14m 19s | patch has no errors when building and testing our client artifacts. |
| +1 :green_heart: | javadoc | 1m 2s | the patch passed |
| +1 :green_heart: | findbugs | 2m 13s | the patch passed |
||| _ Other Tests _ |
| -1 :x: | unit | 9m 34s | hadoop-common in the patch passed. |
| +1 :green_heart: | asflicense | 0m 54s | The patch does not generate ASF License warnings. |
| | | 109m 4s | |
| Reason | Tests |
|-------:|:------|
| Failed junit tests | hadoop.http.TestSSLHttpServer |
| | hadoop.fs.viewfs.TestViewFsTrash |
| Subsystem | Report/Notes |
|----------:|:-------------|
| Docker | Client=19.03.7 Server=19.03.7 base: https://builds.apache.org/job/hadoop-multibranch/job/PR-1880/1/artifact/out/Dockerfile |
| GITHUB PR | https://github.com/apache/hadoop/pull/1880 |
| Optional Tests | dupname asflicense compile javac javadoc mvninstall mvnsite unit shadedclient xml findbugs checkstyle |
| uname | Linux 4e476d71fd9f 4.15.0-60-generic #67-Ubuntu SMP Thu Aug 22 16:55:30 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux |
| Build tool | maven |
| Personality | personality/hadoop.sh |
| git revision | trunk / 004e955 |
| Default Java | 1.8.0_242 |
| checkstyle | https://builds.apache.org/job/hadoop-multibranch/job/PR-1880/1/artifact/out/diff-checkstyle-hadoop-common-project_hadoop-common.txt |
| unit | https://builds.apache.org/job/hadoop-multibranch/job/PR-1880/1/artifact/out/patch-unit-hadoop-common-project_hadoop-common.txt |
| Test Results | https://builds.apache.org/job/hadoop-multibranch/job/PR-1880/1/testReport/ |
| Max. process+thread count | 1987 (vs. ulimit of 5500) |
| modules | C: hadoop-common-project/hadoop-common U: hadoop-common-project/hadoop-common |
| Console output | https://builds.apache.org/job/hadoop-multibranch/job/PR-1880/1/console |
| versions | git=2.7.4 maven=3.3.9 findbugs=3.1.0-RC1 |
| Powered by | Apache Yetus 0.11.1 https://yetus.apache.org |
This message was automatically generated.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-issues-help@hadoop.apache.org