You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cassandra.apache.org by jb...@apache.org on 2011/09/27 07:34:31 UTC
svn commit: r1176206 - in /cassandra/branches/cassandra-1.0.0: ./
CHANGES.txt src/java/org/apache/cassandra/security/SSLFactory.java
Author: jbellis
Date: Tue Sep 27 05:34:31 2011
New Revision: 1176206
URL: http://svn.apache.org/viewvc?rev=1176206&view=rev
Log:
merge #3257 from 0.8
Modified:
cassandra/branches/cassandra-1.0.0/ (props changed)
cassandra/branches/cassandra-1.0.0/CHANGES.txt
cassandra/branches/cassandra-1.0.0/src/java/org/apache/cassandra/security/SSLFactory.java
Propchange: cassandra/branches/cassandra-1.0.0/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Tue Sep 27 05:34:31 2011
@@ -1,7 +1,7 @@
/cassandra/branches/cassandra-0.6:922689-1052356,1052358-1053452,1053454,1053456-1131291
/cassandra/branches/cassandra-0.7:1026516-1170333,1172024
/cassandra/branches/cassandra-0.7.0:1053690-1055654
-/cassandra/branches/cassandra-0.8:1090934-1125013,1125019-1175057,1175880
+/cassandra/branches/cassandra-0.8:1090934-1125013,1125019-1176205
/cassandra/branches/cassandra-0.8.0:1125021-1130369
/cassandra/branches/cassandra-0.8.1:1101014-1125018
/cassandra/tags/cassandra-0.7.0-rc3:1051699-1053689
Modified: cassandra/branches/cassandra-1.0.0/CHANGES.txt
URL: http://svn.apache.org/viewvc/cassandra/branches/cassandra-1.0.0/CHANGES.txt?rev=1176206&r1=1176205&r2=1176206&view=diff
==============================================================================
--- cassandra/branches/cassandra-1.0.0/CHANGES.txt (original)
+++ cassandra/branches/cassandra-1.0.0/CHANGES.txt Tue Sep 27 05:34:31 2011
@@ -25,6 +25,7 @@
* Fix sstableloader --ignores option (CASSANDRA-3247)
* File descriptor limit increased in packaging (CASSANDRA-3206)
* Fix deadlock in commit log during flush (CASSANDRA-3253)
+ * Fix FD leak when internode encryption is enabled (CASSANDRA-3257)
1.0.0-beta1
Modified: cassandra/branches/cassandra-1.0.0/src/java/org/apache/cassandra/security/SSLFactory.java
URL: http://svn.apache.org/viewvc/cassandra/branches/cassandra-1.0.0/src/java/org/apache/cassandra/security/SSLFactory.java?rev=1176206&r1=1176205&r2=1176206&view=diff
==============================================================================
--- cassandra/branches/cassandra-1.0.0/src/java/org/apache/cassandra/security/SSLFactory.java (original)
+++ cassandra/branches/cassandra-1.0.0/src/java/org/apache/cassandra/security/SSLFactory.java Tue Sep 27 05:34:31 2011
@@ -25,7 +25,6 @@ import java.io.FileInputStream;
import java.io.IOException;
import java.net.InetAddress;
import java.net.InetSocketAddress;
-import java.net.SocketAddress;
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
@@ -35,6 +34,7 @@ import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;
import org.apache.cassandra.config.EncryptionOptions;
+import org.apache.cassandra.io.util.FileUtils;
/**
* A Factory for providing and setting up Client and Server SSL wrapped
@@ -46,7 +46,6 @@ public final class SSLFactory
private static final String ALGORITHM = "SunX509";
private static final String STORE_TYPE = "JKS";
-
public static SSLServerSocket getServerSocket(EncryptionOptions options, InetAddress address, int port) throws IOException
{
SSLContext ctx = createSSLContext(options);
@@ -75,28 +74,39 @@ public final class SSLFactory
return socket;
}
- private static SSLContext createSSLContext(EncryptionOptions options) throws IOException {
+ private static SSLContext createSSLContext(EncryptionOptions options) throws IOException
+ {
+ FileInputStream tsf = new FileInputStream(options.truststore);
+ FileInputStream ksf = new FileInputStream(options.keystore);
SSLContext ctx;
- try {
+ try
+ {
ctx = SSLContext.getInstance(PROTOCOL);
- TrustManagerFactory tmf = null;
- KeyManagerFactory kmf = null;
+ TrustManagerFactory tmf;
+ KeyManagerFactory kmf;
tmf = TrustManagerFactory.getInstance(ALGORITHM);
KeyStore ts = KeyStore.getInstance(STORE_TYPE);
- ts.load(new FileInputStream(options.truststore), options.truststore_password.toCharArray());
+ ts.load(tsf, options.truststore_password.toCharArray());
tmf.init(ts);
kmf = KeyManagerFactory.getInstance(ALGORITHM);
KeyStore ks = KeyStore.getInstance(STORE_TYPE);
- ks.load(new FileInputStream(options.keystore), options.keystore_password.toCharArray());
+ ks.load(ksf, options.keystore_password.toCharArray());
kmf.init(ks, options.keystore_password.toCharArray());
ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
- } catch (Exception e) {
+ }
+ catch (Exception e)
+ {
throw new IOException("Error creating the initializing the SSL Context", e);
}
+ finally
+ {
+ FileUtils.closeQuietly(tsf);
+ FileUtils.closeQuietly(ksf);
+ }
return ctx;
}
}