[jira] [Updated] (HIVE-27817) Disable ssl hostname verification for 127.0.0.1

[Yuming Wang (Jira)]

     [ 
https://issues.apache.org/jira/browse/HIVE-27817?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Yuming Wang updated HIVE-27817:
-------------------------------
    Description: 
{code:java}
diff --git 
a/common/src/java/org/apache/hadoop/hive/common/auth/HiveAuthUtils.java 
b/common/src/java/org/apache/hadoop/hive/common/auth/HiveAuthUtils.java
index e12f245871..632980e7cd 100644
--- a/common/src/java/org/apache/hadoop/hive/common/auth/HiveAuthUtils.java
+++ b/common/src/java/org/apache/hadoop/hive/common/auth/HiveAuthUtils.java
@@ -71,7 +71,11 @@ public static TTransport getSSLSocket(String host, int port, 
int loginTimeout,
   private static TSocket getSSLSocketWithHttps(TSocket tSSLSocket) throws 
TTransportException {
     SSLSocket sslSocket = (SSLSocket) tSSLSocket.getSocket();
     SSLParameters sslParams = sslSocket.getSSLParameters();
-    sslParams.setEndpointIdentificationAlgorithm("HTTPS");
+    if (sslSocket.getLocalAddress().getHostAddress().equals("127.0.0.1")) {
+      sslParams.setEndpointIdentificationAlgorithm(null);
+    } else {
+      sslParams.setEndpointIdentificationAlgorithm("HTTPS");
+    }
     sslSocket.setSSLParameters(sslParams);
     return new TSocket(sslSocket);
   }

{code}

  was:
{code:diff}
diff --git 
a/common/src/java/org/apache/hadoop/hive/common/auth/HiveAuthUtils.java 
b/common/src/java/org/apache/hadoop/hive/common/auth/HiveAuthUtils.java
index e12f245871..632980e7cd 100644
--- a/common/src/java/org/apache/hadoop/hive/common/auth/HiveAuthUtils.java
+++ b/common/src/java/org/apache/hadoop/hive/common/auth/HiveAuthUtils.java
@@ -71,7 +71,11 @@ public static TTransport getSSLSocket(String host, int port, 
int loginTimeout,
   private static TSocket getSSLSocketWithHttps(TSocket tSSLSocket) throws 
TTransportException {
     SSLSocket sslSocket = (SSLSocket) tSSLSocket.getSocket();
     SSLParameters sslParams = sslSocket.getSSLParameters();
-    sslParams.setEndpointIdentificationAlgorithm("HTTPS");
+    if (sslSocket.getLocalAddress().getHostAddress().equals("127.0.0.1")) {
+      sslParams.setEndpointIdentificationAlgorithm(null);
+    } else {
+      sslParams.setEndpointIdentificationAlgorithm("HTTPS");
+    }
     sslSocket.setSSLParameters(sslParams);
     return new TSocket(sslSocket);
   }

{code}


> Disable ssl hostname verification for 127.0.0.1
> -----------------------------------------------
>
>                 Key: HIVE-27817
>                 URL: https://issues.apache.org/jira/browse/HIVE-27817
>             Project: Hive
>          Issue Type: Improvement
>          Components: Hive
>    Affects Versions: 2.3.0
>            Reporter: Yuming Wang
>            Priority: Major
>
> {code:java}
> diff --git 
> a/common/src/java/org/apache/hadoop/hive/common/auth/HiveAuthUtils.java 
> b/common/src/java/org/apache/hadoop/hive/common/auth/HiveAuthUtils.java
> index e12f245871..632980e7cd 100644
> --- a/common/src/java/org/apache/hadoop/hive/common/auth/HiveAuthUtils.java
> +++ b/common/src/java/org/apache/hadoop/hive/common/auth/HiveAuthUtils.java
> @@ -71,7 +71,11 @@ public static TTransport getSSLSocket(String host, int 
> port, int loginTimeout,
>    private static TSocket getSSLSocketWithHttps(TSocket tSSLSocket) throws 
> TTransportException {
>      SSLSocket sslSocket = (SSLSocket) tSSLSocket.getSocket();
>      SSLParameters sslParams = sslSocket.getSSLParameters();
> -    sslParams.setEndpointIdentificationAlgorithm("HTTPS");
> +    if (sslSocket.getLocalAddress().getHostAddress().equals("127.0.0.1")) {
> +      sslParams.setEndpointIdentificationAlgorithm(null);
> +    } else {
> +      sslParams.setEndpointIdentificationAlgorithm("HTTPS");
> +    }
>      sslSocket.setSSLParameters(sslParams);
>      return new TSocket(sslSocket);
>    }
> {code}



--
This message was sent by Atlassian Jira
(v8.20.10#820010)