[ https://issues.apache.org/jira/browse/KNOX-903?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15902170#comment-15902170 ]
ASF subversion and git services commented on KNOX-903:
------------------------------------------------------
Commit 3ec2fc3b759063dc6fc03f3805dde82c6f0141d1 in knox's branch
refs/heads/v0.12.0 from [~lmccay]
[ https://git-wip-us.apache.org/repos/asf?p=knox.git;h=3ec2fc3 ]
KNOX-903 - KnoxShell allows self signed certs to be used without any checks
> KnoxShell allows self signed certs to be used without any checks
> ----------------------------------------------------------------
>
> Key: KNOX-903
> URL: https://issues.apache.org/jira/browse/KNOX-903
> Project: Apache Knox
> Issue Type: Bug
> Components: KnoxShell
> Affects Versions: 0.12.0
> Reporter: Sumit Gupta
> Assignee: Larry McCay
> Priority: Critical
> Fix For: 0.12.0
>
>
> A TrustStrategy of TrustSelfSignedStrategy is being used while setting up
> http clients to communicate with Knox over SSL.
> In the Hadoop class it should be:
> {code:java}
> HostnameVerifier hostnameVerifier = NoopHostnameVerifier.INSTANCE;
> TrustStrategy trustStrategy = TrustSelfSignedStrategy.INSTANCE;
> if (clientContext.connection().secure()) {
>   hostnameVerifier = SSLConnectionSocketFactory.getDefaultHostnameVerifier();
>   trustStrategy = null;
> } else {
> {code}
> instead of:
> {code:java}
> HostnameVerifier hostnameVerifier = NoopHostnameVerifier.INSTANCE;
> TrustStrategy trustStrategy = TrustSelfSignedStrategy.INSTANCE;
> if (clientContext.connection().secure()) {
>   hostnameVerifier = SSLConnectionSocketFactory.getDefaultHostnameVerifier();
> } else {
> {code}
> The trustStrategy must be null in order to keep the default X509TrustManager
> defined for the default ssl algorithm.
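The change described in the issue, as an added example that is not KnoxShell's own code: a client builder that passes a null trust strategy in secure mode, plus a check showing why leaving TrustSelfSignedStrategy in place skips validation. It assumes Apache HttpClient 4.5.x on the classpath; `TlsClientSetup`, `buildClient` and the `secure` flag (standing in for `clientContext.connection().secure()`) are hypothetical names.

```java
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLContext;
import org.apache.http.conn.ssl.NoopHostnameVerifier;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.conn.ssl.TrustSelfSignedStrategy;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.ssl.SSLContextBuilder;
import org.apache.http.ssl.TrustStrategy;

// Added example; class and method names are hypothetical, not KnoxShell code.
public class TlsClientSetup {

    // 'secure' stands in for clientContext.connection().secure() from the issue.
    static CloseableHttpClient buildClient(boolean secure) throws Exception {
        HostnameVerifier hostnameVerifier = NoopHostnameVerifier.INSTANCE;
        TrustStrategy trustStrategy = TrustSelfSignedStrategy.INSTANCE;
        if (secure) {
            hostnameVerifier = SSLConnectionSocketFactory.getDefaultHostnameVerifier();
            // null strategy: the builder installs the default X509TrustManager
            // unwrapped, so every chain goes through normal path validation.
            trustStrategy = null;
        }
        // null KeyStore: the TrustManagerFactory uses the JVM default trust store.
        SSLContext sslContext = SSLContextBuilder.create()
                .loadTrustMaterial((KeyStore) null, trustStrategy)
                .build();
        return HttpClients.custom()
                .setSSLSocketFactory(new SSLConnectionSocketFactory(sslContext, hostnameVerifier))
                .build();
    }

    public static void main(String[] args) throws Exception {
        // Constructed input: a one-element chain holding no certificate at all.
        // The strategy decides on chain length alone, so in secure mode a lone
        // self-signed certificate would never reach the default trust manager.
        X509Certificate[] constructedChain = new X509Certificate[1];
        boolean bypass = TrustSelfSignedStrategy.INSTANCE.isTrusted(constructedChain, "RSA");
        System.out.println("single-cert chain accepted without validation: " + bypass);

        try (CloseableHttpClient strict = buildClient(true);
             CloseableHttpClient lenient = buildClient(false)) {
            System.out.println("built strict and lenient clients");
        }
    }
}
```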