This is an automated email from the ASF dual-hosted git repository.
weichiu pushed a commit to branch branch-2.9
in repository https://gitbox.apache.org/repos/asf/hadoop.git
The following commit(s) were added to refs/heads/branch-2.9 by this push:
new bee7184 HADOOP-15813. Enable more reliable SSL connection reuse.
Contributed by Daryn Sharp.
bee7184 is described below
commit bee718488525e0af013149760e2bac9016f6363c
Author: Daryn Sharp <da...@apache.org>
AuthorDate: Wed Feb 20 18:13:53 2019 -0800
HADOOP-15813. Enable more reliable SSL connection reuse. Contributed by
Daryn Sharp.
Signed-off-by: Wei-Chiu Chuang <weic...@apache.org>
(cherry picked from commit a87e458432609b7a35a2abd6410b02e8a2ffc974)
(cherry picked from commit ae8839e6e8cc3e8f8d5e50525d3302038ada484b)
(cherry picked from commit 704330a616c17256b3e39370f999928ba1c463e6)
(cherry picked from commit 4eccf2a3cc6b1468085f48ee267b2093b4f5be9d)
(cherry picked from commit 665cad03f30b1bc400a1991ccfd5053de6d86f6f)
---
.../src/main/java/org/apache/hadoop/security/ssl/SSLFactory.java | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git
a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/ssl/SSLFactory.java
b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/ssl/SSLFactory.java
index 16b6784..8825965 100644
---
a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/ssl/SSLFactory.java
+++
b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/ssl/SSLFactory.java
@@ -85,6 +85,10 @@ public class SSLFactory implements ConnectionConfigurator {
private Mode mode;
private boolean requireClientCert;
private SSLContext context;
+ // the java keep-alive cache relies on instance equivalence of the SSL socket
+ // factory. in many java versions, SSLContext#getSocketFactory always
+ // returns a new instance which completely breaks the cache...
+ private SSLSocketFactory socketFactory;
private HostnameVerifier hostnameVerifier;
private KeyStoresFactory keystoresFactory;
@@ -150,6 +154,9 @@ public class SSLFactory implements ConnectionConfigurator {
context.init(keystoresFactory.getKeyManagers(),
keystoresFactory.getTrustManagers(), null);
context.getDefaultSSLParameters().setProtocols(enabledProtocols);
+ if (mode == Mode.CLIENT) {
+ socketFactory = context.getSocketFactory();
+ }
hostnameVerifier = getHostnameVerifier(conf);
}
@@ -270,7 +277,7 @@ public class SSLFactory implements ConnectionConfigurator {
throw new IllegalStateException(
"Factory is not in CLIENT mode. Actual mode is " + mode.toString());
}
- return context.getSocketFactory();
+ return socketFactory;
}
/**
---------------------------------------------------------------------
To unsubscribe, e-mail: common-commits-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-commits-h...@hadoop.apache.org
