[
https://issues.apache.org/jira/browse/KNOX-733?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15471802#comment-15471802
]
Larry McCay commented on KNOX-733:
----------------------------------
To provide a way for demos to not require truststores, I've added a new login
method called loginInsecure(). This mode of the programming model will warn the
user running it with the following in stdout:
{code}
**************** WARNING ******************
This is an insecure client instance and may
leave the interactions subject to a man in
the middle attack. Please use the login()
method instead of loginInsecure() for any
sensitive or production usecases.
*******************************************
{code}
I've also tried to add additional context information to the possible errors
for truststore discovery.
The most common issue however will end up being an SSLHandshakeException when
the presented cert can't be verified.
> Add support for custom truststore to Knox shell client
> ------------------------------------------------------
>
> Key: KNOX-733
> URL: https://issues.apache.org/jira/browse/KNOX-733
> Project: Apache Knox
> Issue Type: Bug
> Reporter: chris snow
> Assignee: Larry McCay
> Fix For: 0.10.0
>
> Attachments: KNOX-733-001.patch
>
>
> The Knox shell client does not verify the certificate of the server.
> One option would be to provide another method where developers can provide
> their own client, e.g.
> public static Hadoop login( String url, String username, String password,
> HttpClient client ) throws URISyntaxException { }
> https://github.com/apache/knox/blob/master/gateway-shell/src/main/java/org/apache/hadoop/gateway/shell/Hadoop.java#L60
> I can provide a patch if you are happy with this approach.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
