You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ambari.apache.org by ao...@apache.org on 2017/02/16 15:36:49 UTC
[2/2] ambari git commit: AMBARI-20049. One way SSL fallback logic can
cause some agents to be connected with 2-way SSL (aonishuk)
AMBARI-20049. One way SSL fallback logic can cause some agents to be connected with 2-way SSL (aonishuk)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/4379aea0
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/4379aea0
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/4379aea0
Branch: refs/heads/branch-2.5
Commit: 4379aea0b947bca6e9a0de0927335139892aaec9
Parents: 48ea538
Author: Andrew Onishuk <ao...@hortonworks.com>
Authored: Thu Feb 16 17:36:31 2017 +0200
Committer: Andrew Onishuk <ao...@hortonworks.com>
Committed: Thu Feb 16 17:36:31 2017 +0200
----------------------------------------------------------------------
.../src/main/python/ambari_agent/security.py | 17 +++++------------
.../src/test/python/ambari_agent/TestSecurity.py | 2 ++
2 files changed, 7 insertions(+), 12 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ambari/blob/4379aea0/ambari-agent/src/main/python/ambari_agent/security.py
----------------------------------------------------------------------
diff --git a/ambari-agent/src/main/python/ambari_agent/security.py b/ambari-agent/src/main/python/ambari_agent/security.py
index 779b85c..d0cfde4 100644
--- a/ambari-agent/src/main/python/ambari_agent/security.py
+++ b/ambari-agent/src/main/python/ambari_agent/security.py
@@ -55,18 +55,11 @@ class VerifiedHTTPSConnection(httplib.HTTPSConnection):
'Server require two-way SSL authentication. Use it instead of one-way...')
if not self.two_way_ssl_required:
- try:
- sock = self.create_connection()
- self.sock = ssl.wrap_socket(sock, cert_reqs=ssl.CERT_NONE)
- logger.info('SSL connection established. Two-way SSL authentication is '
- 'turned off on the server.')
- except (ssl.SSLError, AttributeError):
- self.two_way_ssl_required = True
- logger.info(
- 'Insecure connection to https://' + self.host + ':' + self.port +
- '/ failed. Reconnecting using two-way SSL authentication..')
-
- if self.two_way_ssl_required:
+ sock = self.create_connection()
+ self.sock = ssl.wrap_socket(sock, cert_reqs=ssl.CERT_NONE)
+ logger.info('SSL connection established. Two-way SSL authentication is '
+ 'turned off on the server.')
+ else:
self.certMan = CertificateManager(self.config, self.host)
self.certMan.initSecurity()
agent_key = self.certMan.getAgentKeyName()
http://git-wip-us.apache.org/repos/asf/ambari/blob/4379aea0/ambari-agent/src/test/python/ambari_agent/TestSecurity.py
----------------------------------------------------------------------
diff --git a/ambari-agent/src/test/python/ambari_agent/TestSecurity.py b/ambari-agent/src/test/python/ambari_agent/TestSecurity.py
index 9e28ae7..c9a7fbe 100644
--- a/ambari-agent/src/test/python/ambari_agent/TestSecurity.py
+++ b/ambari-agent/src/test/python/ambari_agent/TestSecurity.py
@@ -102,6 +102,8 @@ class TestSecurity(unittest.TestCase):
wrap_socket_mock.side_effect=ssl.SSLError()
connection = security.VerifiedHTTPSConnection("example.com",
self.config.get('server', 'secured_url_port'), self.config)
+ self.config.isTwoWaySSLConnection = MagicMock(return_value=True)
+
connection._tunnel_host = False
connection.sock = None
try: