You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@ranger.apache.org by "David Mollitor (Jira)" <ji...@apache.org> on 2021/12/08 21:16:00 UTC

[jira] [Created] (RANGER-3542) Invalid HTTPS Check

David Mollitor created RANGER-3542:
--------------------------------------

             Summary: Invalid HTTPS Check
                 Key: RANGER-3542
                 URL: https://issues.apache.org/jira/browse/RANGER-3542
             Project: Ranger
          Issue Type: Bug
          Components: plugins
            Reporter: David Mollitor


[https://github.com/apache/ranger/blob/0258fcf7ab25473b056fffc103840806c18fdcad/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRESTClient.java#L243]

 

{code:java|title=RangerRESTClient.java}
mIsSSL = StringUtils.containsIgnoreCase(mUrl, "https");
{code}

This can trigger inadvertently if the host name just happens to have "https" in the name.  Better/safer to use Java URL to parse {{mUrl}} and look at the protocol explicitly.

For example: {{http://my.serverhttps.com}} would trigger as an ssl enabled endpoint.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)