[ https://issues.apache.org/jira/browse/KNOX-903?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15902168#comment-15902168 ]

ASF subversion and git services commented on KNOX-903:
------------------------------------------------------

Commit 9f7e34f114d499da39f98ec3c77a389e9d0538a4 in knox's branch refs/heads/master from [~lmccay]
[ https://git-wip-us.apache.org/repos/asf?p=knox.git;h=9f7e34f ]

KNOX-903 - KnoxShell allows self signed certs to be used without any checks

> KnoxShell allows self signed certs to be used without any checks
> ----------------------------------------------------------------
>
>                 Key: KNOX-903
>                 URL: https://issues.apache.org/jira/browse/KNOX-903
>             Project: Apache Knox
>          Issue Type: Bug
>          Components: KnoxShell
>   Affects Versions: 0.12.0
>            Reporter: Sumit Gupta
>            Assignee: Larry McCay
>            Priority: Critical
>             Fix For: 0.12.0
>
>
> A TrustStrategy of TrustSelfSignedStrategy is being used while setting up
> http clients to communicate with Knox over SSL.
> In the Hadoop class it should be:
> {code:java}
>     HostnameVerifier hostnameVerifier = NoopHostnameVerifier.INSTANCE;
>     TrustStrategy trustStrategy = TrustSelfSignedStrategy.INSTANCE;
>     if (clientContext.connection().secure()) {
>       hostnameVerifier = SSLConnectionSocketFactory.getDefaultHostnameVerifier();
>       trustStrategy = null;
>     } else {
> {code}
> instead of:
> {code:java}
>     HostnameVerifier hostnameVerifier = NoopHostnameVerifier.INSTANCE;
>     TrustStrategy trustStrategy = TrustSelfSignedStrategy.INSTANCE;
>     if (clientContext.connection().secure()) {
>       hostnameVerifier = SSLConnectionSocketFactory.getDefaultHostnameVerifier();
>     } else {
> {code}
> The trustStrategy must be null in order to keep the default X509TrustManager
> defined for the default ssl algorithm.

--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
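
The following is an added example, not code from the Knox repository or from the reporter. It shows why a non-null TrustSelfSignedStrategy weakens the secure path and how passing null keeps the default X509TrustManager. It assumes Apache HttpClient 4.4 or later on the classpath; the class name, the `socketFactory` and `client` helpers, the `secure` flag and the SSLContexts wiring are hypothetical.

```java
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLContext;
import org.apache.http.conn.ssl.NoopHostnameVerifier;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.conn.ssl.TrustSelfSignedStrategy;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.ssl.SSLContexts;
import org.apache.http.ssl.TrustStrategy;

public class TrustStrategyExample {

    // 'secure' stands in for clientContext.connection().secure() from the report (assumption).
    static SSLConnectionSocketFactory socketFactory(boolean secure)
            throws GeneralSecurityException {
        // Insecure defaults: no hostname check, one-certificate chains trusted as-is.
        HostnameVerifier hostnameVerifier = NoopHostnameVerifier.INSTANCE;
        TrustStrategy trustStrategy = TrustSelfSignedStrategy.INSTANCE;
        if (secure) {
            hostnameVerifier = SSLConnectionSocketFactory.getDefaultHostnameVerifier();
            // A non-null strategy is consulted before the platform trust manager and,
            // when it returns true, the trust manager is skipped. Null leaves the
            // default X509TrustManager as the only authority.
            trustStrategy = null;
        }
        // A null KeyStore selects the JRE default trust store.
        SSLContext sslContext = SSLContexts.custom()
                .loadTrustMaterial((KeyStore) null, trustStrategy)
                .build();
        return new SSLConnectionSocketFactory(sslContext, hostnameVerifier);
    }

    static CloseableHttpClient client(boolean secure) throws GeneralSecurityException {
        return HttpClients.custom().setSSLSocketFactory(socketFactory(secure)).build();
    }

    public static void main(String[] args) throws Exception {
        // Constructed placeholder chain with a single empty slot: the strategy looks
        // only at the chain length, not at signatures, issuer or validity dates.
        boolean accepted = TrustSelfSignedStrategy.INSTANCE
                .isTrusted(new X509Certificate[1], "RSA");
        System.out.println("TrustSelfSignedStrategy accepts 1-element chain: " + accepted);
        try (CloseableHttpClient secureClient = client(true)) {
            System.out.println("secure client built with default trust manager only");
        }
    }
}
```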