You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@knox.apache.org by lm...@apache.org on 2017/03/08 23:33:38 UTC

knox git commit: KNOX-903 - KnoxShell allows self signed certs to be used without any checks

Repository: knox
Updated Branches:
  refs/heads/master 56176ef44 -> 9f7e34f11


KNOX-903 - KnoxShell allows self signed certs to be used without any checks

Project: http://git-wip-us.apache.org/repos/asf/knox/repo
Commit: http://git-wip-us.apache.org/repos/asf/knox/commit/9f7e34f1
Tree: http://git-wip-us.apache.org/repos/asf/knox/tree/9f7e34f1
Diff: http://git-wip-us.apache.org/repos/asf/knox/diff/9f7e34f1

Branch: refs/heads/master
Commit: 9f7e34f114d499da39f98ec3c77a389e9d0538a4
Parents: 56176ef
Author: Larry McCay <lm...@hortonworks.com>
Authored: Wed Mar 8 18:33:14 2017 -0500
Committer: Larry McCay <lm...@hortonworks.com>
Committed: Wed Mar 8 18:33:32 2017 -0500

----------------------------------------------------------------------
 .../src/main/java/org/apache/hadoop/gateway/shell/Hadoop.java     | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/knox/blob/9f7e34f1/gateway-shell/src/main/java/org/apache/hadoop/gateway/shell/Hadoop.java
----------------------------------------------------------------------
diff --git a/gateway-shell/src/main/java/org/apache/hadoop/gateway/shell/Hadoop.java b/gateway-shell/src/main/java/org/apache/hadoop/gateway/shell/Hadoop.java
index ed0feb3..b830014 100644
--- a/gateway-shell/src/main/java/org/apache/hadoop/gateway/shell/Hadoop.java
+++ b/gateway-shell/src/main/java/org/apache/hadoop/gateway/shell/Hadoop.java
@@ -122,10 +122,11 @@ public class Hadoop implements Closeable {
 
     // SSL
     HostnameVerifier hostnameVerifier = NoopHostnameVerifier.INSTANCE;
-    TrustStrategy trustStrategy = TrustSelfSignedStrategy.INSTANCE;
+    TrustStrategy trustStrategy = null;
     if (clientContext.connection().secure()) {
       hostnameVerifier = SSLConnectionSocketFactory.getDefaultHostnameVerifier();
     } else {
+      trustStrategy = TrustSelfSignedStrategy.INSTANCE;
       System.out.println("**************** WARNING ******************\n"
               + "This is an insecure client instance and may\n"
               + "leave the interactions subject to a man in\n"