This is an automated email from the ASF dual-hosted git repository.
ggal pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/incubator-livy.git
The following commit(s) were added to refs/heads/master by this push:
new df691033 [LIVY-1012] Use SslContextFactory.Server() instead of
SslContextFactory
df691033 is described below
commit df691033b11440837c2a06fe624510bdbf815fd5
Author: Surendra Singh Lilhore
<[email protected]>
AuthorDate: Wed Apr 23 19:15:58 2025 +0530
[LIVY-1012] Use SslContextFactory.Server() instead of SslContextFactory
## What changes were proposed in this pull request?
Use SslContextFactory.Server() instead of SslContextFactory() when
constructing the factory.
## How was this patch tested?
With Jetty 9.4.50, we should call SslContextFactory.Server(), instead of
SslContextFactory(), to create SslContextFactory. Otherwise we get the
following error when using a KeyStore with multiple certificates in it.
```
Exception in thread "main" java.lang.IllegalStateException: KeyStores with
multiple certificates are not supported on the base class
org.eclipse.jetty.util.ssl.SslContextFactory. (Use org.eclipse.jetty.util.ssl.
SslContextFactory$Server or
org.eclipse.jetty.util.ssl.SslContextFactory$Client instead)
at
org.eclipse.jetty.util.ssl.SslContextFactory.newSniX509ExtendedKeyManager(SslContextFactory.java:1289)
```
---
server/src/main/scala/org/apache/livy/server/WebServer.scala | 2 +-
.../scala/org/apache/livy/thriftserver/cli/ThriftHttpCLIService.scala | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/server/src/main/scala/org/apache/livy/server/WebServer.scala
b/server/src/main/scala/org/apache/livy/server/WebServer.scala
index 36d601b5..e8306e54 100644
--- a/server/src/main/scala/org/apache/livy/server/WebServer.scala
+++ b/server/src/main/scala/org/apache/livy/server/WebServer.scala
@@ -49,7 +49,7 @@ class WebServer(livyConf: LivyConf, var host: String, var
port: Int) extends Log
https.setSendServerVersion(livyConf.getBoolean(LivyConf.SEND_SERVER_VERSION))
https.addCustomizer(new SecureRequestCustomizer())
- val sslContextFactory = new SslContextFactory()
+ val sslContextFactory = new SslContextFactory.Server()
sslContextFactory.setKeyStorePath(keystore)
val credentialProviderPath =
livyConf.get(LivyConf.HADOOP_CREDENTIAL_PROVIDER_PATH)
diff --git
a/thriftserver/server/src/main/scala/org/apache/livy/thriftserver/cli/ThriftHttpCLIService.scala
b/thriftserver/server/src/main/scala/org/apache/livy/thriftserver/cli/ThriftHttpCLIService.scala
index 15eba2be..dc656300 100644
---
a/thriftserver/server/src/main/scala/org/apache/livy/thriftserver/cli/ThriftHttpCLIService.scala
+++
b/thriftserver/server/src/main/scala/org/apache/livy/thriftserver/cli/ThriftHttpCLIService.scala
@@ -89,7 +89,7 @@ class ThriftHttpCLIService(
}
val keyStorePassword = getKeyStorePassword()
val keystoreType = livyConf.get(LivyConf.SSL_KEYSTORE_TYPE)
- val sslContextFactory = new SslContextFactory
+ val sslContextFactory = new SslContextFactory.Server();
val excludedProtocols =
livyConf.get(LivyConf.THRIFT_SSL_PROTOCOL_BLACKLIST).split(",")
info(s"HTTP Server SSL: adding excluded protocols:
$excludedProtocols")
sslContextFactory.addExcludeProtocols(excludedProtocols: _*)
