You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ranger.apache.org by "David Mollitor (Jira)" <ji...@apache.org> on 2021/12/08 21:16:00 UTC
[jira] [Created] (RANGER-3542) Invalid HTTPS Check
David Mollitor created RANGER-3542:
--------------------------------------
Summary: Invalid HTTPS Check
Key: RANGER-3542
URL: https://issues.apache.org/jira/browse/RANGER-3542
Project: Ranger
Issue Type: Bug
Components: plugins
Reporter: David Mollitor
[https://github.com/apache/ranger/blob/0258fcf7ab25473b056fffc103840806c18fdcad/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRESTClient.java#L243]
{code:java|title=RangerRESTClient.java}
mIsSSL = StringUtils.containsIgnoreCase(mUrl, "https");
{code}
This can trigger inadvertently if the host name just happens to have "https" in the name. Better/safer to use Java URL to parse {{mUrl}} and look at the protocol explicitly.
For example: {{http://my.serverhttps.com}} would trigger as an ssl enabled endpoint.
--
This message was sent by Atlassian Jira
(v8.20.1#820001)