Repository: ambari Updated Branches: refs/heads/branch-2.5 48ea53808 -> 4379aea0b refs/heads/trunk ab53946fa -> 4eaec8eab
AMBARI-20049. One way SSL fallback logic can cause some agents to be connected with 2-way SSL (aonishuk)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/4eaec8ea
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/4eaec8ea
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/4eaec8ea
Branch: refs/heads/trunk
Commit: 4eaec8eab5175303d8ba39439ac60f3deec25f19
Parents: ab53946
Author: Andrew Onishuk <aonis...@hortonworks.com>
Authored: Thu Feb 16 17:36:27 2017 +0200
Committer: Andrew Onishuk <aonis...@hortonworks.com>
Committed: Thu Feb 16 17:36:27 2017 +0200
----------------------------------------------------------------------
.../src/main/python/ambari_agent/security.py | 17 +++++------------
.../src/test/python/ambari_agent/TestSecurity.py | 2 ++
2 files changed, 7 insertions(+), 12 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ambari/blob/4eaec8ea/ambari-agent/src/main/python/ambari_agent/security.py
----------------------------------------------------------------------
diff --git a/ambari-agent/src/main/python/ambari_agent/security.py b/ambari-agent/src/main/python/ambari_agent/security.py
index 72ae954..45de7bb 100644
--- a/ambari-agent/src/main/python/ambari_agent/security.py
+++ b/ambari-agent/src/main/python/ambari_agent/security.py
@@ -55,18 +55,11 @@ class VerifiedHTTPSConnection(httplib.HTTPSConnection):
 'Server require two-way SSL authentication. Use it instead of one-way...')
 if not self.two_way_ssl_required:
- try:
- sock = self.create_connection()
- self.sock = ssl.wrap_socket(sock, cert_reqs=ssl.CERT_NONE)
- logger.info('SSL connection established. Two-way SSL authentication is '
- 'turned off on the server.')
- except (ssl.SSLError, AttributeError):
- self.two_way_ssl_required = True
- logger.info(
- 'Insecure connection to https://' + self.host + ':' + self.port +
- '/ failed. Reconnecting using two-way SSL authentication..')
-
- if self.two_way_ssl_required:
+ sock = self.create_connection()
+ self.sock = ssl.wrap_socket(sock, cert_reqs=ssl.CERT_NONE)
+ logger.info('SSL connection established. Two-way SSL authentication is '
+ 'turned off on the server.')
+ else:
 self.certMan = CertificateManager(self.config, self.host)
 self.certMan.initSecurity()
 agent_key = self.certMan.getAgentKeyName()
http://git-wip-us.apache.org/repos/asf/ambari/blob/4eaec8ea/ambari-agent/src/test/python/ambari_agent/TestSecurity.py
----------------------------------------------------------------------
diff --git a/ambari-agent/src/test/python/ambari_agent/TestSecurity.py b/ambari-agent/src/test/python/ambari_agent/TestSecurity.py
index 9e28ae7..c9a7fbe 100644
--- a/ambari-agent/src/test/python/ambari_agent/TestSecurity.py
+++ b/ambari-agent/src/test/python/ambari_agent/TestSecurity.py
@@ -102,6 +102,8 @@ class TestSecurity(unittest.TestCase):
 wrap_socket_mock.side_effect=ssl.SSLError()
 connection = security.VerifiedHTTPSConnection("example.com", self.config.get('server', 'secured_url_port'), self.config)
+ self.config.isTwoWaySSLConnection = MagicMock(return_value=True)
+ connection._tunnel_host = False
 connection.sock = None
 try:
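Review bot: In security.py, the one-way branch still wraps the socket with `cert_reqs=ssl.CERT_NONE`, so the channel is encrypted but the server certificate is never validated and any host answering on that address is accepted as the server. If that is the intended trust model for one-way mode, state it next to the call, e.g. `# one-way mode: server certificate is NOT verified (CERT_NONE); traffic is encrypted but the server is unauthenticated`; otherwise this path needs `ssl.CERT_REQUIRED` with a CA bundle, which is not visible in this hunk. With the fallback removed, a handshake failure now propagates to the caller and the socket returned by `create_connection()` appears to be left open on that path, so closing it before re-raising would avoid the leak. The enclosing method starts and ends outside the hunk.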