[jira] [Updated] (HADOOP-13512) ReloadingX509TrustManager should keep reloading in case of exception

Thu, 18 Aug 2016 14:27:09 -0700 

     [ 
https://issues.apache.org/jira/browse/HADOOP-13512?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Mingliang Liu updated HADOOP-13512:
-----------------------------------
       Resolution: Fixed
     Hadoop Flags: Reviewed
    Fix Version/s: 2.7.4
           Status: Resolved  (was: Patch Available)

Thanks [~jnp] for reviewing the patch. It contains no dedicated UT because it's 
covered by existing {{TestReloadingX509TrustManager}}. I've committed this to 
{{trunk}} through {{branch-2.7}}.

> ReloadingX509TrustManager should keep reloading in case of exception
> --------------------------------------------------------------------
>
>                 Key: HADOOP-13512
>                 URL: https://issues.apache.org/jira/browse/HADOOP-13512
>             Project: Hadoop Common
>          Issue Type: Bug
>          Components: security
>            Reporter: Mingliang Liu
>            Assignee: Mingliang Liu
>            Priority: Critical
>             Fix For: 2.7.4
>
>         Attachments: HADOOP-13512.000.patch
>
>
> {{org.apache.hadoop.security.ssl.TestReloadingX509TrustManager}} checks the 
> key store file's last modified time to decide whether to reload.  This is to 
> avoid unnecessary reload if the key store file is not changed. To do this, it 
> maintains an internal state {{lastLoaded}} whenever it tries to reload a 
> file. It also updates the {{lastLoaded}} variable in case of exception so 
> failing reload will not be retried until the key store file's last modified 
> time changes again.
> Chances are that the reload happens when the key store file is being written. 
> The reload fails (probably with EOFException) and won't load until key store 
> files's last modified time changes. After a short period, the key store file 
> is closed after update. However, the last modified time may not be updated as 
> if it's in the same precision period (e.g. 1 second). In this case, the 
> updated key store file is never reloaded.
> A simple fix is to update the {{lastLoaded}} only when the reload succeeds. 
> {{ReloadingX509TrustManager}} will keep reloading in case of exception.
> Thoughts?



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-issues-h...@hadoop.apache.org

Reply via email to