Repository: nifi Updated Branches: refs/heads/master f3745065b -> 4f40eca16
NIFI-3788 Switched Amazon HTTP client instantiation from using null HostnameVerifier (which defaulted to Strict, which cannot handle wildcard certificate hostnames) to DefaultHostnameVerifier, which is fine. I still want to add unit tests and integration tests, but I ran a flow which had previously caused the reproducible exception and this worked fine (flow showed objects were put in S3, no exceptions, and I verified through AWS Web Console that new objects were present). This closes #1753. Signed-off-by: Bryan Rosander <[email protected]> Project: http://git-wip-us.apache.org/repos/asf/nifi/repo Commit: http://git-wip-us.apache.org/repos/asf/nifi/commit/4f40eca1 Tree: http://git-wip-us.apache.org/repos/asf/nifi/tree/4f40eca1 Diff: http://git-wip-us.apache.org/repos/asf/nifi/diff/4f40eca1 Branch: refs/heads/master Commit: 4f40eca16ce64b0acfd60fe76d974a4e13a9951b Parents: f374506 Author: Andy LoPresto <[email protected]> Authored: Wed May 3 19:02:04 2017 -0400 Committer: Bryan Rosander <[email protected]> Committed: Thu May 4 12:09:52 2017 -0400 ---------------------------------------------------------------------- .../processors/aws/AbstractAWSProcessor.java | 29 ++++++++++---------- 1 file changed, 14 insertions(+), 15 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/nifi/blob/4f40eca1/nifi-nar-bundles/nifi-aws-bundle/nifi-aws-processors/src/main/java/org/apache/nifi/processors/aws/AbstractAWSProcessor.java ---------------------------------------------------------------------- diff --git a/nifi-nar-bundles/nifi-aws-bundle/nifi-aws-processors/src/main/java/org/apache/nifi/processors/aws/AbstractAWSProcessor.java b/nifi-nar-bundles/nifi-aws-bundle/nifi-aws-processors/src/main/java/org/apache/nifi/processors/aws/AbstractAWSProcessor.java index c49b59d..d34447d 100644 --- a/nifi-nar-bundles/nifi-aws-bundle/nifi-aws-processors/src/main/java/org/apache/nifi/processors/aws/AbstractAWSProcessor.java +++ b/nifi-nar-bundles/nifi-aws-bundle/nifi-aws-processors/src/main/java/org/apache/nifi/processors/aws/AbstractAWSProcessor.java @@ -16,6 +16,16 @@ */ package org.apache.nifi.processors.aws; +import com.amazonaws.AmazonWebServiceClient; +import com.amazonaws.ClientConfiguration; +import com.amazonaws.Protocol; +import com.amazonaws.auth.AWSCredentials; +import com.amazonaws.auth.AnonymousAWSCredentials; +import com.amazonaws.auth.BasicAWSCredentials; +import com.amazonaws.auth.PropertiesCredentials; +import com.amazonaws.http.conn.ssl.SdkTLSSocketFactory; +import com.amazonaws.regions.Region; +import com.amazonaws.regions.Regions; import java.io.File; import java.io.IOException; import java.util.ArrayList; @@ -26,10 +36,9 @@ import java.util.HashSet; import java.util.List; import java.util.Set; import java.util.concurrent.TimeUnit; - import javax.net.ssl.SSLContext; - import org.apache.commons.lang3.StringUtils; +import org.apache.http.conn.ssl.DefaultHostnameVerifier; import org.apache.nifi.annotation.lifecycle.OnScheduled; import org.apache.nifi.annotation.lifecycle.OnShutdown; import org.apache.nifi.components.AllowableValue; @@ -44,17 +53,6 @@ import org.apache.nifi.processor.util.StandardValidators; import org.apache.nifi.processors.aws.credentials.provider.factory.CredentialPropertyDescriptors; import org.apache.nifi.ssl.SSLContextService; -import com.amazonaws.AmazonWebServiceClient; -import com.amazonaws.ClientConfiguration; -import com.amazonaws.Protocol; -import com.amazonaws.auth.AWSCredentials; -import com.amazonaws.auth.AnonymousAWSCredentials; -import com.amazonaws.auth.BasicAWSCredentials; -import com.amazonaws.auth.PropertiesCredentials; -import com.amazonaws.http.conn.ssl.SdkTLSSocketFactory; -import com.amazonaws.regions.Region; -import com.amazonaws.regions.Regions; - /** * Abstract base class for aws processors. This class uses aws credentials for creating aws clients * @@ -140,7 +138,7 @@ public abstract class AbstractAWSProcessor<ClientType extends AmazonWebServiceCl values.add(createAllowableValue(regions)); } - return (AllowableValue[]) values.toArray(new AllowableValue[values.size()]); + return values.toArray(new AllowableValue[values.size()]); } @Override @@ -186,7 +184,8 @@ public abstract class AbstractAWSProcessor<ClientType extends AmazonWebServiceCl final SSLContextService sslContextService = context.getProperty(SSL_CONTEXT_SERVICE).asControllerService(SSLContextService.class); if (sslContextService != null) { final SSLContext sslContext = sslContextService.createSSLContext(SSLContextService.ClientAuth.NONE); - SdkTLSSocketFactory sdkTLSSocketFactory = new SdkTLSSocketFactory(sslContext, null); + // NIFI-3788: Changed hostnameVerifier from null to DHV (BrowserCompatibleHostnameVerifier is deprecated) + SdkTLSSocketFactory sdkTLSSocketFactory = new SdkTLSSocketFactory(sslContext, new DefaultHostnameVerifier()); config.getApacheHttpClientConfig().setSslSocketFactory(sdkTLSSocketFactory); }
