Repository: flume Updated Branches: refs/heads/flume-1.5 451fad027 -> 3aceda6eb
FLUME-2548: Enable SSLv2Hello for Avro Source and NettyAvroRpcClient (Hari Shreedharan via Jarek Jarcec Cecho) Project: http://git-wip-us.apache.org/repos/asf/flume/repo Commit: http://git-wip-us.apache.org/repos/asf/flume/commit/2a591110 Tree: http://git-wip-us.apache.org/repos/asf/flume/tree/2a591110 Diff: http://git-wip-us.apache.org/repos/asf/flume/diff/2a591110 Branch: refs/heads/flume-1.5 Commit: 2a59111090433a49ef2bad56219c4838277238dc Parents: 451fad0 Author: Jarek Jarcec Cecho <[email protected]> Authored: Wed Nov 12 06:16:47 2014 -0800 Committer: Hari Shreedharan <[email protected]> Committed: Wed Nov 12 11:50:30 2014 -0800 ---------------------------------------------------------------------- .../java/org/apache/flume/source/AvroSource.java | 19 +++++++++++-------- flume-ng-doc/sphinx/FlumeUserGuide.rst | 2 +- .../org/apache/flume/api/NettyAvroRpcClient.java | 15 +++++++++++---- 3 files changed, 23 insertions(+), 13 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/flume/blob/2a591110/flume-ng-core/src/main/java/org/apache/flume/source/AvroSource.java ----------------------------------------------------------------------
diff --git a/flume-ng-core/src/main/java/org/apache/flume/source/AvroSource.java b/flume-ng-core/src/main/java/org/apache/flume/source/AvroSource.java
index 59ee43a..6eb6a0a 100644
--- a/flume-ng-core/src/main/java/org/apache/flume/source/AvroSource.java
+++ b/flume-ng-core/src/main/java/org/apache/flume/source/AvroSource.java
@@ -25,11 +25,7 @@ import java.io.FileInputStream;
 import java.net.InetSocketAddress;
 import java.security.KeyStore;
 import java.security.Security;
-import java.util.ArrayList;
-import java.util.Arrays;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
+import java.util.*;
 import java.util.concurrent.Executors;
 import java.util.concurrent.ScheduledExecutorService;
 import java.util.concurrent.TimeUnit;
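Review bot: `import java.util.*;` replaces five explicit imports, although the only new `java.util` type the visible hunks use is `LinkedList`. A wildcard hides which types the class depends on and can introduce a name clash later, and the other imports shown in this hunk stay explicit. I would keep the five existing imports and add `import java.util.LinkedList;`. The import block continues outside the hunk.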
@@ -149,7 +145,7 @@ public class AvroSource extends AbstractSource implements EventDrivenSource,
 private String keystore;
 private String keystorePassword;
 private String keystoreType;
- private List<String> excludeProtocols;
+ private final List<String> excludeProtocols = new LinkedList<String>();
 private boolean enableSsl = false;
 private boolean enableIpFilter;
 private String patternRuleConfigDefinition;
@@ -181,8 +177,15 @@ public class AvroSource extends AbstractSource implements EventDrivenSource,
 keystore = context.getString(KEYSTORE_KEY);
 keystorePassword = context.getString(KEYSTORE_PASSWORD_KEY);
 keystoreType = context.getString(KEYSTORE_TYPE_KEY, "JKS");
- excludeProtocols = Arrays.asList(
- context.getString(EXCLUDE_PROTOCOLS, "SSLv2Hello SSLv3").split(" "));
+ String excludeProtocolsStr = context.getString(EXCLUDE_PROTOCOLS);
+ if (excludeProtocolsStr == null) {
+ excludeProtocols.add("SSLv3");
+ } else {
+ excludeProtocols.addAll(Arrays.asList(excludeProtocolsStr.split(" ")));
+ if (!excludeProtocols.contains("SSLv3")) {
+ excludeProtocols.add("SSLv3");
+ }
+ }
 if (enableSsl) {
 Preconditions.checkNotNull(keystore,
http://git-wip-us.apache.org/repos/asf/flume/blob/2a591110/flume-ng-doc/sphinx/FlumeUserGuide.rst ----------------------------------------------------------------------
diff --git a/flume-ng-doc/sphinx/FlumeUserGuide.rst b/flume-ng-doc/sphinx/FlumeUserGuide.rst
index c70f6de..2da8092 100644
--- a/flume-ng-doc/sphinx/FlumeUserGuide.rst
+++ b/flume-ng-doc/sphinx/FlumeUserGuide.rst
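Review bot: `excludeProtocols` becomes a `final` list that the configure hunk at -181 only appends to, and nothing visible ever clears it. If `configure` runs again on the same instance (whether it can is not visible here), the list keeps entries from the earlier configuration and gains duplicates, so the protocols actually excluded no longer match the current configuration. Calling `excludeProtocols.clear();` before the list is populated would keep the two in step. The same applies to the `excludeProtocols` field in NettyAvroRpcClient (hunk at -96). The class body continues outside the hunk.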
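Review bot: `excludeProtocolsStr.split(" ")` splits on a single space only, so a value that separates names with a tab or other whitespace becomes one token that matches no protocol name. Presumably such a token is then ignored and the protocol stays enabled without any warning. Splitting with `excludeProtocolsStr.trim().split("\\s+")` avoids this, and the same line appears in the NettyAvroRpcClient hunk at -607. A short comment above the block would also help, for example `// SSLv3 is always excluded; SSLv2Hello is excluded only when configured`. The enclosing method starts and ends outside the hunk.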
@@ -705,7 +705,7 @@ ssl false Set this to true to enable SSL encryption
 keystore -- This is the path to a Java keystore file. Required for SSL.
 keystore-password -- The password for the Java keystore. Required for SSL.
 keystore-type JKS The type of the Java keystore. This can be "JKS" or "PKCS12".
-exclude-protocols SSLv2Hello SSLv3 Space-separated list of SSL/TLS protocols to exclude
+exclude-protocols SSLv3 Space-separated list of SSL/TLS protocols to exclude. SSLv3 will always be excluded in addition to the protocols specified.
 ipFilter false Set this to true to enable ipFiltering for netty
 ipFilter.rules -- Define N netty ipFilter pattern rules with this config.
 ================== ================ ===================================================
http://git-wip-us.apache.org/repos/asf/flume/blob/2a591110/flume-ng-sdk/src/main/java/org/apache/flume/api/NettyAvroRpcClient.java ----------------------------------------------------------------------
diff --git a/flume-ng-sdk/src/main/java/org/apache/flume/api/NettyAvroRpcClient.java b/flume-ng-sdk/src/main/java/org/apache/flume/api/NettyAvroRpcClient.java
index ad9b580..3661672 100644
--- a/flume-ng-sdk/src/main/java/org/apache/flume/api/NettyAvroRpcClient.java
+++ b/flume-ng-sdk/src/main/java/org/apache/flume/api/NettyAvroRpcClient.java
@@ -96,7 +96,7 @@ implements RpcClient {
 private String truststore;
 private String truststorePassword;
 private String truststoreType;
- private List<String> excludeProtocols;
+ private final List<String> excludeProtocols = new LinkedList<String>();
 private Transceiver transceiver;
 private AvroSourceProtocol.Callback avroClient;
@@ -607,9 +607,16 @@ implements RpcClient {
 RpcClientConfigurationConstants.CONFIG_TRUSTSTORE_PASSWORD);
 truststoreType = properties.getProperty(
 RpcClientConfigurationConstants.CONFIG_TRUSTSTORE_TYPE, "JKS");
- excludeProtocols = Arrays.asList(properties.getProperty(
- RpcClientConfigurationConstants.CONFIG_EXCLUDE_PROTOCOLS, "SSLv2Hello SSLv3")
- .split(" "));
+ String excludeProtocolsStr = properties.getProperty(
+ RpcClientConfigurationConstants.CONFIG_EXCLUDE_PROTOCOLS);
+ if (excludeProtocolsStr == null) {
+ excludeProtocols.add("SSLv3");
+ } else {
+ excludeProtocols.addAll(Arrays.asList(excludeProtocolsStr.split(" ")));
+ if (!excludeProtocols.contains("SSLv3")) {
+ excludeProtocols.add("SSLv3");
+ }
+ }
 String maxIoWorkersStr = properties.getProperty(
 RpcClientConfigurationConstants.MAX_IO_WORKERS);
