This is an automated email from the ASF dual-hosted git repository.
rlevas pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/ambari.git
The following commit(s) were added to refs/heads/trunk by this push:
new fc6e964 [AMBARI-24447] No subject alternative DNS name exception
encountered when Enabling Kerberos against an Active Directory even when SSL
verification is off
fc6e964 is described below
commit fc6e964f5e447b1368569e455a545b8c8350cbd0
Author: Robert Levas <[email protected]>
AuthorDate: Thu Aug 9 13:02:46 2018 -0400
[AMBARI-24447] No subject alternative DNS name exception encountered when
Enabling Kerberos against an Active Directory even when SSL verification is off
---
.../server/security/InternalSSLSocketFactory.java | 26 ++++++++++++++++++++--
1 file changed, 24 insertions(+), 2 deletions(-)
diff --git
a/ambari-server/src/main/java/org/apache/ambari/server/security/InternalSSLSocketFactory.java
b/ambari-server/src/main/java/org/apache/ambari/server/security/InternalSSLSocketFactory.java
index 9ecf5d1..fa67889 100644
---
a/ambari-server/src/main/java/org/apache/ambari/server/security/InternalSSLSocketFactory.java
+++
b/ambari-server/src/main/java/org/apache/ambari/server/security/InternalSSLSocketFactory.java
@@ -26,8 +26,10 @@ import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
+import javax.net.ssl.X509ExtendedTrustManager;
import javax.net.ssl.X509TrustManager;
/**
@@ -94,9 +96,9 @@ public class InternalSSLSocketFactory extends
SSLSocketFactory {
/**
* LenientTrustManager is a TrustManager that accepts all certificates
without validating the
- * chain of trust.
+ * chain of trust or hostname.
*/
- public static class LenientTrustManager implements X509TrustManager {
+ public static class LenientTrustManager extends X509ExtendedTrustManager
implements X509TrustManager {
public void checkClientTrusted(X509Certificate[] xcs, String string)
throws CertificateException {
// do nothing
}
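Review bot: The new declaration of `LenientTrustManager` keeps `implements X509TrustManager` even though `X509ExtendedTrustManager` already implements that interface, so the clause is redundant. `public static class LenientTrustManager extends X509ExtendedTrustManager {` declares the same type. The Javadoc now says hostname checks are skipped as well, but not when that is acceptable. Since the class is public, I would add a sentence such as `Use only when the administrator has explicitly disabled SSL verification; connections made with this trust manager are not authenticated and can be intercepted.` The class body continues outside this hunk.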
@@ -108,5 +110,25 @@ public class InternalSSLSocketFactory extends
SSLSocketFactory {
public X509Certificate[] getAcceptedIssuers() {
return new X509Certificate[0];
}
+
+ @Override
+ public void checkClientTrusted(X509Certificate[] x509Certificates, String
s, Socket socket) throws CertificateException {
+ // do nothing
+ }
+
+ @Override
+ public void checkServerTrusted(X509Certificate[] x509Certificates, String
s, Socket socket) throws CertificateException {
+ // do nothing
+ }
+
+ @Override
+ public void checkClientTrusted(X509Certificate[] x509Certificates, String
s, SSLEngine sslEngine) throws CertificateException {
+ // do nothing
+ }
+
+ @Override
+ public void checkServerTrusted(X509Certificate[] x509Certificates, String
s, SSLEngine sslEngine) throws CertificateException {
+ // do nothing
+ }
}
}
\ No newline at end of file
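Review bot: The four added `Socket`/`SSLEngine` overrides carry only `// do nothing`, which does not tell a maintainer that they are the actual fix and must stay empty. As far as I can tell, JSSE wraps a plain `X509TrustManager` and applies endpoint identification itself, while an `X509ExtendedTrustManager` is expected to do that check in these methods. A comment on each, or once above the group, would record this: `// Intentionally empty: skips chain and endpoint-identification (hostname) checks when SSL verification is turned off`. Because these methods accept any peer for every connection built through this factory, the code that selects `InternalSSLSocketFactory` with this trust manager (outside this hunk) should be confirmed to run only when verification is explicitly disabled. A warning logged where that selection happens would make the downgrade visible in the server log.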