This is an automated email from the ASF dual-hosted git repository. haonan pushed a commit to branch fix_ratis_tls_config in repository https://gitbox.apache.org/repos/asf/iotdb.git
commit e56f5ac83bbfb298c686f809749845ab2c6e2429
Author: HTHou <[email protected]>
AuthorDate: Sun Sep 28 17:29:45 2025 +0800
Fix ratis TLS not working
---
.../utils/NoHostnameVerificationTrustManager.java | 88 ++++++++++++++++++++++
1 file changed, 88 insertions(+)
diff --git a/iotdb-core/consensus/src/main/java/org/apache/iotdb/consensus/ratis/utils/NoHostnameVerificationTrustManager.java b/iotdb-core/consensus/src/main/java/org/apache/iotdb/consensus/ratis/utils/NoHostnameVerificationTrustManager.java
new file mode 100644
index 00000000000..fb5c9085488
--- /dev/null
+++ b/iotdb-core/consensus/src/main/java/org/apache/iotdb/consensus/ratis/utils/NoHostnameVerificationTrustManager.java
@@ -0,0 +1,88 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.iotdb.consensus.ratis.utils;
+
+import javax.net.ssl.SSLEngine;
+import javax.net.ssl.X509ExtendedTrustManager;
+import javax.net.ssl.X509TrustManager;
+
+import java.net.Socket;
+import java.security.cert.CertificateException;
+import java.security.cert.X509Certificate;
+
+public class NoHostnameVerificationTrustManager extends X509ExtendedTrustManager {
+
+ private final X509TrustManager delegate;
+
+ public NoHostnameVerificationTrustManager(X509TrustManager delegate) {
+ this.delegate = delegate;
+ }
+
+ @Override
+ public X509Certificate[] getAcceptedIssuers() {
+ return delegate.getAcceptedIssuers();
+ }
+
+ @Override
+ public void checkClientTrusted(X509Certificate[] chain, String authType)
+ throws CertificateException {
+ delegate.checkClientTrusted(chain, authType);
+ }
+
+ @Override
+ public void checkServerTrusted(X509Certificate[] chain, String authType)
+ throws CertificateException {
+ delegate.checkServerTrusted(chain, authType);
+ }
+
+ @Override
+ public void checkClientTrusted(X509Certificate[] chain, String authType, Socket socket)
+ throws CertificateException {
+ if (delegate instanceof X509ExtendedTrustManager) {
+ ((X509ExtendedTrustManager) delegate).checkClientTrusted(chain, authType, socket);
+ } else {
+ delegate.checkClientTrusted(chain, authType);
+ }
+ }
+
+ @Override
+ public void checkServerTrusted(X509Certificate[] chain, String authType, Socket socket)
+ throws CertificateException {
+ // Skip hostname check by calling base method
+ delegate.checkServerTrusted(chain, authType);
+ }
+
+ @Override
+ public void checkClientTrusted(X509Certificate[] chain, String authType, SSLEngine engine)
+ throws CertificateException {
+ if (delegate instanceof X509ExtendedTrustManager) {
+ ((X509ExtendedTrustManager) delegate).checkClientTrusted(chain, authType, engine);
+ } else {
+ delegate.checkClientTrusted(chain, authType);
+ }
+ }
+
+ @Override
+ public void checkServerTrusted(X509Certificate[] chain, String authType, SSLEngine engine)
+ throws CertificateException {
+ // Skip hostname check by calling base method
+ delegate.checkServerTrusted(chain, authType);
+ }
+}
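Review bot: Both context-aware `checkServerTrusted` overloads (the `Socket` and `SSLEngine` variants) discard the connection argument and call the two-argument delegate method, so a server certificate is accepted on chain validity alone and is never bound to the peer being contacted. Any certificate issued under one of the delegate's accepted issuers is therefore accepted for any Ratis peer. That is acceptable only if the trust store behind `delegate` contains nothing but a CA dedicated to this cluster, and the class should state that in a Javadoc, e.g. `/** Validates the chain against the delegate but performs no endpoint identification; use only with a trust store restricted to the cluster's own CA. */`. Dropping the socket/engine may also bypass other handshake-dependent checks an extended delegate would run (presumably algorithm constraints; worth confirming against the TLS provider in use), whereas the `checkClientTrusted` overloads do forward to the extended delegate. The constructor should also reject a missing delegate with `this.delegate = Objects.requireNonNull(delegate, "delegate");` (plus the `java.util.Objects` import) so a misconfiguration fails at construction rather than during a handshake.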
