[jira] [Commented] (HDFS-13061) SaslDataTransferClient#checkTrustAndSend should not trust a partially trusted channel

Wed, 31 Jan 2018 11:09:05 -0800 

    [ 
https://issues.apache.org/jira/browse/HDFS-13061?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16347412#comment-16347412
 ] 

Hudson commented on HDFS-13061:
-------------------------------

SUCCESS: Integrated in Jenkins build Hadoop-trunk-Commit #13592 (See 
[https://builds.apache.org/job/Hadoop-trunk-Commit/13592/])
HDFS-13061. SaslDataTransferClient#checkTrustAndSend should not trust a (xyao: 
rev 37b753656849d0864ed3c8858edf3b85515cbf39)
* (edit) 
hadoop-hdfs-project/hadoop-hdfs-client/src/main/java/org/apache/hadoop/hdfs/protocol/datatransfer/sasl/SaslDataTransferClient.java
* (edit) 
hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/protocol/datatransfer/sasl/TestSaslDataTransfer.java


> SaslDataTransferClient#checkTrustAndSend should not trust a partially trusted 
> channel
> -------------------------------------------------------------------------------------
>
>                 Key: HDFS-13061
>                 URL: https://issues.apache.org/jira/browse/HDFS-13061
>             Project: Hadoop HDFS
>          Issue Type: Bug
>            Reporter: Xiaoyu Yao
>            Assignee: Ajay Kumar
>            Priority: Major
>             Fix For: 3.1.0
>
>         Attachments: HDFS-13061.000.patch, HDFS-13061.001.patch, 
> HDFS-13061.002.patch, HDFS-13061.003.patch
>
>
> HDFS-5910 introduces encryption negotiation between client and server based 
> on a customizable TrustedChannelResolver class. The TrustedChannelResolver is 
> invoked on both client and server side. If the resolver indicates that the 
> channel is trusted, then the data transfer will not be encrypted even if 
> dfs.encrypt.data.transfer is set to true. 
> SaslDataTransferClient#checkTrustAndSend ask the channel resolve whether the 
> client and server address are trusted, respectively. It decides the channel 
> is untrusted only if both client and server are not trusted to enforce 
> encryption. *This ticket is opened to change it to not trust (and encrypt) if 
> either client or server address are not trusted.*



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org

Reply via email to