[ https://issues.apache.org/jira/browse/KNOX-903?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Larry McCay reassigned KNOX-903:
--------------------------------

    Assignee: Larry McCay

> KnoxShell allows self signed certs to be used without any checks
> ----------------------------------------------------------------
>
>                 Key: KNOX-903
>                 URL: https://issues.apache.org/jira/browse/KNOX-903
>             Project: Apache Knox
>          Issue Type: Bug
>          Components: KnoxShell
>    Affects Versions: 0.12.0
>            Reporter: Sumit Gupta
>            Assignee: Larry McCay
>            Priority: Critical
>             Fix For: 0.12.0
>
>
> A TrustStrategy of TrustSelfSignedStrategy is being used while setting up
> http clients to communicate with Knox over SSL.
> In the Hadoop class it should be:
> {code:java}
>     HostnameVerifier hostnameVerifier = NoopHostnameVerifier.INSTANCE;
>     TrustStrategy trustStrategy = TrustSelfSignedStrategy.INSTANCE;
>     if (clientContext.connection().secure()) {
>       hostnameVerifier = SSLConnectionSocketFactory.getDefaultHostnameVerifier();
>       trustStrategy = null;
>     } else {
> {code}
> instead of:
> {code:java}
>     HostnameVerifier hostnameVerifier = NoopHostnameVerifier.INSTANCE;
>     TrustStrategy trustStrategy = TrustSelfSignedStrategy.INSTANCE;
>     if (clientContext.connection().secure()) {
>       hostnameVerifier = SSLConnectionSocketFactory.getDefaultHostnameVerifier();
>     } else {
> {code}
> The trustStrategy must be null in order to keep the default X509TrustManager
> defined for the default ssl algorithm.

--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
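
Added example (not from the issue or the Knox code base): how the two variables in the quoted snippet reach the TLS layer with Apache HttpClient 4.4+, and, going beyond the issue, how a self-signed gateway certificate can be trusted through an explicit truststore instead of TrustSelfSignedStrategy. The class name, the secure flag and the trustStore/password parameters are assumptions made for illustration.

```java
import java.io.File;
import java.security.KeyStore;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLContext;
import org.apache.http.conn.ssl.NoopHostnameVerifier;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.conn.ssl.TrustSelfSignedStrategy;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.ssl.SSLContextBuilder;
import org.apache.http.ssl.SSLContexts;
import org.apache.http.ssl.TrustStrategy;

// Illustration only; class, method and parameter names are hypothetical.
public class TrustStrategyExample {

  // 'secure' stands in for clientContext.connection().secure() from the issue.
  // 'trustStore' is an assumed optional keystore file (JVM default keystore type)
  // that holds the gateway certificate; pass null to use the JVM default trust store.
  static SSLConnectionSocketFactory socketFactory(boolean secure, File trustStore,
      char[] password) throws Exception {
    HostnameVerifier hostnameVerifier = NoopHostnameVerifier.INSTANCE;
    TrustStrategy trustStrategy = TrustSelfSignedStrategy.INSTANCE;
    if (secure) {
      hostnameVerifier = SSLConnectionSocketFactory.getDefaultHostnameVerifier();
      trustStrategy = null; // without this, the strategy below still overrides the trust manager
    }
    SSLContextBuilder builder = SSLContexts.custom();
    if (secure && trustStore != null) {
      // A self-signed certificate is trusted only because it is present in this store.
      builder.loadTrustMaterial(trustStore, password);
    } else {
      // A non-null strategy is asked first: TrustSelfSignedStrategy accepts any chain of
      // exactly one certificate, and the X509TrustManager is then never consulted.
      // A null strategy leaves the default X509TrustManager in sole charge.
      builder.loadTrustMaterial((KeyStore) null, trustStrategy);
    }
    SSLContext sslContext = builder.build();
    return new SSLConnectionSocketFactory(sslContext, hostnameVerifier);
  }

  public static void main(String[] args) throws Exception {
    try (CloseableHttpClient client = HttpClients.custom()
        .setSSLSocketFactory(socketFactory(true, null, null))
        .build()) {
      System.out.println("client uses the default trust manager and hostname verifier");
    }
  }
}
```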