Posted to common-commits@hadoop.apache.org by we...@apache.org on 2019/12/03 23:55:25 UTC
[hadoop] branch branch-3.1 updated: HADOOP-16718. Allow disabling
Server Name Indication (SNI) for Jetty. Contributed by Aravindan Vijayan.
This is an automated email from the ASF dual-hosted git repository.
weichiu pushed a commit to branch branch-3.1
in repository https://gitbox.apache.org/repos/asf/hadoop.git
The following commit(s) were added to refs/heads/branch-3.1 by this push:
new e73fa45 HADOOP-16718. Allow disabling Server Name Indication (SNI) for Jetty. Contributed by Aravindan Vijayan.
e73fa45 is described below
commit e73fa45e5bfffec1785e108adedec666772f5da0
Author: Aravindan Vijayan <av...@apache.org>
AuthorDate: Tue Dec 3 15:46:21 2019 -0800
HADOOP-16718. Allow disabling Server Name Indication (SNI) for Jetty. Contributed by Aravindan Vijayan.
Signed-off-by: Wei-Chiu Chuang <we...@apache.org>
Reviewed-by: Siyao Meng <sm...@cloudera.com>
(cherry picked from commit f1ab7f18c423a9cfc59292d25fa178e73715b85b)
(cherry picked from commit f0c1403ec382a7a8c25b0311db0c88749576c308)
---
.../java/org/apache/hadoop/http/HttpServer2.java | 27 +++++++++++++++++++++-
.../src/main/resources/core-default.xml | 8 +++++++
.../hadoop/conf/TestCommonConfigurationFields.java | 2 +-
3 files changed, 35 insertions(+), 2 deletions(-)
diff --git a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/http/HttpServer2.java b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/http/HttpServer2.java
index dbdef9d..a592f47 100644
--- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/http/HttpServer2.java
+++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/http/HttpServer2.java
@@ -146,6 +146,10 @@ public final class HttpServer2 implements FilterContainer {
public static final String FILTER_INITIALIZER_PROPERTY
= "hadoop.http.filter.initializers";
+ public static final String HTTP_SNI_HOST_CHECK_ENABLED_KEY
+ = "hadoop.http.sni.host.check.enabled";
+ public static final boolean HTTP_SNI_HOST_CHECK_ENABLED_DEFAULT = false;
+
// The ServletContext attribute where the daemon Configuration
// gets stored.
public static final String CONF_CONTEXT_ATTRIBUTE = "hadoop.conf";
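Review bot: `HTTP_SNI_HOST_CHECK_ENABLED_DEFAULT = false` leaves the SNI host check off unless an operator opts in, which looks like a change of default rather than a new opt-out. The `createHttpsChannelConnector` hunk replaces the no-argument `new SecureRequestCustomizer()`, and as far as I know Jetty's no-argument constructor enables the check. If the relaxed default is deliberate for compatibility, the constant should say so in a comment such as `// Off by default for compatibility; when true, Jetty rejects requests whose Host does not match the SNI-selected certificate.` Otherwise the default should be `true` here and in core-default.xml, so that the commit only adds the ability to disable the check.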
@@ -214,6 +218,8 @@ public final class HttpServer2 implements FilterContainer {
private boolean xFrameEnabled;
private XFrameOption xFrameOption = XFrameOption.SAMEORIGIN;
+ private boolean sniHostCheckEnabled;
+
public Builder setName(String name){
this.name = name;
return this;
@@ -359,6 +365,17 @@ public final class HttpServer2 implements FilterContainer {
}
/**
+ * Enable or disable sniHostCheck.
+ *
+ * @param sniHostCheckEnabled Enable sniHostCheck if true, else disable it.
+ * @return Builder.
+ */
+ public Builder setSniHostCheckEnabled(boolean sniHostCheckEnabled) {
+ this.sniHostCheckEnabled = sniHostCheckEnabled;
+ return this;
+ }
+
+ /**
* A wrapper of {@link Configuration#getPassword(String)}. It returns
* <code>String</code> instead of <code>char[]</code>.
*
@@ -450,6 +467,13 @@ public final class HttpServer2 implements FilterContainer {
int backlogSize = conf.getInt(HTTP_SOCKET_BACKLOG_SIZE_KEY,
HTTP_SOCKET_BACKLOG_SIZE_DEFAULT);
+ // If setSniHostCheckEnabled() is used to enable SNI hostname check,
+ // configuration lookup is skipped.
+ if (!sniHostCheckEnabled) {
+ sniHostCheckEnabled = conf.getBoolean(HTTP_SNI_HOST_CHECK_ENABLED_KEY,
+ HTTP_SNI_HOST_CHECK_ENABLED_DEFAULT);
+ }
+
for (URI ep : endpoints) {
final ServerConnector connector;
String scheme = ep.getScheme();
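Review bot: An explicit `setSniHostCheckEnabled(false)` cannot override `hadoop.http.sni.host.check.enabled=true`, because `if (!sniHostCheckEnabled)` treats "set to false" and "never set" alike and then takes the configuration value. The setter's Javadoc in the `@@ -359` hunk promises "Enable or disable", so a caller that wants the check off regardless of site configuration is silently overruled. Either narrow that Javadoc to say that false defers to configuration, or make the field nullable with `private Boolean sniHostCheckEnabled;` and guard the lookup with `if (sniHostCheckEnabled == null) {`. The enclosing method starts and ends outside this hunk.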
@@ -493,7 +517,8 @@ public final class HttpServer2 implements FilterContainer {
private ServerConnector createHttpsChannelConnector(
Server server, HttpConfiguration httpConfig) {
httpConfig.setSecureScheme(HTTPS_SCHEME);
- httpConfig.addCustomizer(new SecureRequestCustomizer());
+ httpConfig.addCustomizer(
+ new SecureRequestCustomizer(sniHostCheckEnabled));
ServerConnector conn = createHttpChannelConnector(server, httpConfig);
SslContextFactory.Server sslContextFactory =
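Review bot: Nothing records the effective value passed to `new SecureRequestCustomizer(sniHostCheckEnabled)`, so an operator cannot tell from the startup log whether the HTTPS listener enforces the SNI host check. The value can come from either the builder or the configuration, which makes it hard to reconstruct after the fact. One line next to the customizer would cover it, assuming the class's existing logger: `LOG.info("SNI host check enabled: " + sniHostCheckEnabled);`. The body of `createHttpsChannelConnector` continues outside this hunk.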
diff --git a/hadoop-common-project/hadoop-common/src/main/resources/core-default.xml b/hadoop-common-project/hadoop-common/src/main/resources/core-default.xml
index 4a517d0..73c59d3 100644
--- a/hadoop-common-project/hadoop-common/src/main/resources/core-default.xml
+++ b/hadoop-common-project/hadoop-common/src/main/resources/core-default.xml
@@ -3119,4 +3119,12 @@
fs space usage statistics refresh jitter in msec.
</description>
</property>
+
+ <property>
+ <name>hadoop.http.sni.host.check.enabled</name>
+ <value>false</value>
+ <description>
+ Enable Server Name Indication (SNI) host check for HTTPS enabled server.
+ </description>
+ </property>
</configuration>
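Review bot: The new `<description>` does not say what the check verifies or what the shipped value `false` means for an HTTPS endpoint, so an administrator reading core-default.xml cannot judge the trade-off. I would expand it along the lines of `When true, Jetty rejects HTTPS requests whose Host header does not match the certificate selected through TLS Server Name Indication. When false (the default), no such check is performed.` That wording reflects my reading of Jetty's SecureRequestCustomizer and should be confirmed against the Jetty version in use.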
diff --git a/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/conf/TestCommonConfigurationFields.java b/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/conf/TestCommonConfigurationFields.java
index 6ca9c78..c218194 100644
--- a/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/conf/TestCommonConfigurationFields.java
+++ b/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/conf/TestCommonConfigurationFields.java
@@ -195,6 +195,6 @@ public class TestCommonConfigurationFields extends TestConfigurationFieldsBase {
// - org.apache.hadoop.io.SequenceFile
xmlPropsToSkipCompare.add("io.seqfile.local.dir");
-
+ xmlPropsToSkipCompare.add("hadoop.http.sni.host.check.enabled");
}
}
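Review bot: The added `xmlPropsToSkipCompare.add("hadoop.http.sni.host.check.enabled");` replaces the blank line that closed the previous group, so it now reads as if the property belonged to `// - org.apache.hadoop.io.SequenceFile`. Keep the blank line and give the entry its own owner comment in the style of its neighbours, `// - org.apache.hadoop.http.HttpServer2`. This diff also adds no test for either value of the flag or for the builder-versus-configuration precedence; a small HttpServer2 test for both would pin the behaviour. The enclosing method and class start outside this hunk.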