[ https://issues.apache.org/jira/browse/ZOOKEEPER-2949?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16274048#comment-16274048 ]
ASF GitHub Bot commented on ZOOKEEPER-2949:
-------------------------------------------

Github user abel-von commented on a diff in the pull request:

    https://github.com/apache/zookeeper/pull/423#discussion_r154279983

--- Diff: src/java/main/org/apache/zookeeper/ClientCnxnSocketNetty.java ---
@@ -340,13 +340,24 @@ public static Packet getInstance() { return instance; } } + /** * ZKClientPipelineFactory is the netty pipeline factory for this netty * connection implementation. */ private class ZKClientPipelineFactory implements ChannelPipelineFactory { private SSLContext sslContext = null; private SSLEngine sslEngine = null; + private String host; + private int port; + + public ZKClientPipelineFactory() {
--- End diff --

Maybe not, but it's just a good thing to keep the default constructor when I define a constructor with parameters.

> SSL ServerName not set when using hostname, some proxies may failed to proxy the request.
> -----------------------------------------------------------------------------------------
>
> Key: ZOOKEEPER-2949
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2949
> Project: ZooKeeper
> Issue Type: Bug
> Components: java client
> Affects Versions: 3.5.3
> Environment: In our environment, the zk clusters are all behind a proxy. The proxy decides to transfer the request from the client based on the "ServerName" field in the SSL Hello packet (the proxy served on SSL only). But the Hello packets that the zk client sent to the proxy do not contain the "ServerName" field. After inspecting the code, we have found that this is because the zk client did not specify the peerHost when initializing the SSLContext.
> Reporter: Feng Shaobao
> Fix For: 3.6.0
>
> Original Estimate: 12h
> Remaining Estimate: 12h
>
> In our environment, the zk clusters are all behind a proxy. The proxy decides to transfer the request from the client based on the "ServerName" field in the SSL Hello packet (the proxy served on SSL only). But the Hello packets that the zk client sent to the proxy do not contain the "ServerName" field. After inspecting the code, we have found that this is because the zk client did not specify the peerHost when initializing the SSLContext.
>
> In the method initSSL of class ZKClientPipelineFactory, it initializes the SSLEngine like below:
>
>     sslEngine = sslContext.createSSLEngine();
>
> Actually the sslContext provides another factory method that receives the hostName and port parameters.
>
>     public final SSLEngine createSSLEngine(String hostName, int port)
>
> If we call this method to create the SSLEngine, then the proxy will know which zk cluster it really wants to access.

--
This message was sent by Atlassian JIRA (v6.4.14#64029)
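
Review bot: the no-argument constructor added at `+ public ZKClientPipelineFactory() {` leaves the new `host` and `port` fields at their Java defaults (null and 0) unless its body assigns them, and the hunk ends before that body is shown. A factory built this way has no hostname to pass to createSSLEngine(String hostName, int port), so the Hello packet would again go out without ServerName, which is the bug the issue reports. The class is `private`, so every caller lives in ClientCnxnSocketNetty.java; suggest dropping the default constructor, or declaring both fields final so the factory can only be created through the constructor that takes host and port.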
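
A way to confirm the behaviour described in the quoted issue, added here as an example that is not part of the pull request or of ZooKeeper's code: it builds one SSLEngine with each of the two factory methods the issue names and parses the ClientHello each one produces, looking for the server_name extension. The class name `SniCheck`, the host name and the port are constructed for illustration.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import java.nio.ByteBuffer;

// Added example (hypothetical class name); runs offline, no connection is opened.
public class SniCheck {

    /** Returns true if the ClientHello emitted by the engine carries extension 0 (server_name). */
    static boolean clientHelloHasSni(SSLEngine engine) throws Exception {
        engine.setUseClientMode(true);
        ByteBuffer out = ByteBuffer.allocate(engine.getSession().getPacketBufferSize());
        engine.beginHandshake();
        engine.wrap(ByteBuffer.allocate(0), out);   // first flight: the ClientHello record
        out.flip();

        // Skip record header (5), handshake header (4), client_version (2), random (32).
        out.position(5 + 4 + 2 + 32);
        // Skip the three length-prefixed vectors that precede the extensions block.
        out.position(out.position() + 1 + (out.get(out.position()) & 0xff));        // session_id
        out.position(out.position() + 2 + (out.getShort(out.position()) & 0xffff)); // cipher_suites
        out.position(out.position() + 1 + (out.get(out.position()) & 0xff));        // compression_methods
        if (out.remaining() < 2) {
            return false;                           // ClientHello without any extensions
        }

        int end = out.position() + 2 + (out.getShort(out.position()) & 0xffff);
        out.position(out.position() + 2);
        while (out.position() + 4 <= end) {
            int type = out.getShort() & 0xffff;
            int len = out.getShort() & 0xffff;
            if (type == 0) {
                return true;                        // server_name extension present
            }
            out.position(out.position() + len);     // skip this extension's body
        }
        return false;
    }

    public static void main(String[] args) throws Exception {
        SSLContext ctx = SSLContext.getDefault();
        String host = "zk1.example.com";            // constructed sample host
        int port = 2281;                            // constructed sample port
        System.out.println("createSSLEngine()           -> SNI present: "
                + clientHelloHasSni(ctx.createSSLEngine()));
        System.out.println("createSSLEngine(host, port) -> SNI present: "
                + clientHelloHasSni(ctx.createSSLEngine(host, port)));
    }
}
```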