This is an automated email from the ASF dual-hosted git repository. snagel pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/nutch.git
commit 03e0ffda4e0c7a31c033541e937a742fe798608a Author: Sebastian Nagel <sna...@apache.org> AuthorDate: Tue Jun 14 11:00:31 2022 +0200 NUTCH-2936 Early registration of URL stream handlers provided by plugins may fail Hadoop jobs running in distributed mode if protocol-okhttp is used - protocol-okhttp: initialize SSLContext used to ignore SSL/TLS certificate verificiation not in a static code block --- .../org/apache/nutch/protocol/okhttp/OkHttp.java | 29 +++++++++------------- 1 file changed, 12 insertions(+), 17 deletions(-) diff --git a/src/plugin/protocol-okhttp/src/java/org/apache/nutch/protocol/okhttp/OkHttp.java b/src/plugin/protocol-okhttp/src/java/org/apache/nutch/protocol/okhttp/OkHttp.java index d5ab77ec5..9cf977914 100644 --- a/src/plugin/protocol-okhttp/src/java/org/apache/nutch/protocol/okhttp/OkHttp.java +++ b/src/plugin/protocol-okhttp/src/java/org/apache/nutch/protocol/okhttp/OkHttp.java @@ -87,21 +87,6 @@ public class OkHttp extends HttpBase { } } }; - private static final SSLContext trustAllSslContext; - - static { - try { - trustAllSslContext = SSLContext.getInstance("SSL"); - trustAllSslContext.init(null, trustAllCerts, - new java.security.SecureRandom()); - } catch (Exception e) { - throw new RuntimeException(e); - } - } - - private static final SSLSocketFactory trustAllSslSocketFactory = trustAllSslContext - .getSocketFactory(); - public OkHttp() { super(LOG); } @@ -126,8 +111,18 @@ public class OkHttp extends HttpBase { .readTimeout(this.timeout, TimeUnit.MILLISECONDS); if (!this.tlsCheckCertificate) { - builder.sslSocketFactory(trustAllSslSocketFactory, - (X509TrustManager) trustAllCerts[0]); + try { + SSLContext trustAllSslContext = SSLContext.getInstance("TLS"); + trustAllSslContext.init(null, trustAllCerts, null); + SSLSocketFactory trustAllSslSocketFactory = trustAllSslContext + .getSocketFactory(); + builder.sslSocketFactory(trustAllSslSocketFactory, + (X509TrustManager) trustAllCerts[0]); + } catch (Exception e) { + LOG.error( + "Failed to disable TLS certificate verification (property http.tls.certificates.check)", + e); + } builder.hostnameVerifier(new HostnameVerifier() { @Override public boolean verify(String hostname, SSLSession session) {