[ https://issues.apache.org/jira/browse/RANGER-3542?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17487967#comment-17487967 ]
Pradeep Agrawal commented on RANGER-3542: ----------------------------------------- master branch : [https://github.com/apache/ranger/commit/26070383c6300da91926ed77e128d35c9808056c] 2.3-branch: https://github.com/apache/ranger/commit/5e24f09f1a54ac5e07079758d3fc45a4bf16677d > Invalid HTTPS Check > ------------------- > > Key: RANGER-3542 > URL: https://issues.apache.org/jira/browse/RANGER-3542 > Project: Ranger > Issue Type: Bug > Components: plugins > Reporter: David Mollitor > Assignee: Pradeep Agrawal > Priority: Minor > Fix For: 3.0.0, 2.3.0 > > Attachments: 0001-RANGER-3542-Fix-invalid-HTTPS-check.patch > > > [https://github.com/apache/ranger/blob/0258fcf7ab25473b056fffc103840806c18fdcad/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRESTClient.java#L243] > > {code:java|title=RangerRESTClient.java} > mIsSSL = StringUtils.containsIgnoreCase(mUrl, "https"); > {code} > This can trigger inadvertently if the host name just happens to have "https" > in the name. Better/safer to use Java URL to parse {{mUrl}} and look at the > protocol explicitly. > For example: {{http://my.serverhttps.com}} would trigger as an ssl enabled > endpoint. -- This message was sent by Atlassian Jira (v8.20.1#820001)