[ https://issues.apache.org/jira/browse/HADOOP-13512?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Mingliang Liu updated HADOOP-13512: ----------------------------------- Resolution: Fixed Hadoop Flags: Reviewed Fix Version/s: 2.7.4 Status: Resolved (was: Patch Available) Thanks [~jnp] for reviewing the patch. It contains no dedicated UT because it's covered by existing {{TestReloadingX509TrustManager}}. I've committed this to {{trunk}} through {{branch-2.7}}. > ReloadingX509TrustManager should keep reloading in case of exception > -------------------------------------------------------------------- > > Key: HADOOP-13512 > URL: https://issues.apache.org/jira/browse/HADOOP-13512 > Project: Hadoop Common > Issue Type: Bug > Components: security > Reporter: Mingliang Liu > Assignee: Mingliang Liu > Priority: Critical > Fix For: 2.7.4 > > Attachments: HADOOP-13512.000.patch > > > {{org.apache.hadoop.security.ssl.TestReloadingX509TrustManager}} checks the > key store file's last modified time to decide whether to reload. This is to > avoid unnecessary reload if the key store file is not changed. To do this, it > maintains an internal state {{lastLoaded}} whenever it tries to reload a > file. It also updates the {{lastLoaded}} variable in case of exception so > failing reload will not be retried until the key store file's last modified > time changes again. > Chances are that the reload happens when the key store file is being written. > The reload fails (probably with EOFException) and won't load until key store > files's last modified time changes. After a short period, the key store file > is closed after update. However, the last modified time may not be updated as > if it's in the same precision period (e.g. 1 second). In this case, the > updated key store file is never reloaded. > A simple fix is to update the {{lastLoaded}} only when the reload succeeds. > {{ReloadingX509TrustManager}} will keep reloading in case of exception. > Thoughts? -- This message was sent by Atlassian JIRA (v6.3.4#6332) --------------------------------------------------------------------- To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org