[GitHub] [hadoop] steveloughran commented on a change in pull request #970: HADOOP-16371: Option to disable GCM for SSL connections when running on Java 8

Mon, 16 Sep 2019 04:36:52 -0700 

steveloughran commented on a change in pull request #970: HADOOP-16371: Option 
to disable GCM for SSL connections when running on Java 8
URL: https://github.com/apache/hadoop/pull/970#discussion_r324626072
 
 

 ##########
 File path: 
hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/ssl/DelegatingSSLSocketFactory.java
 ##########
 @@ -118,33 +144,47 @@ private SSLSocketFactoryEx(SSLChannelMode 
preferredChannelMode)
   private void initializeSSLContext(SSLChannelMode preferredChannelMode)
       throws NoSuchAlgorithmException, KeyManagementException {
     switch (preferredChannelMode) {
-      case Default:
-        try {
-          java.util.logging.Logger logger = 
java.util.logging.Logger.getLogger(SSL.class.getName());
-          logger.setLevel(Level.WARNING);
-          ctx = SSLContext.getInstance("openssl.TLS");
-          ctx.init(null, null, null);
-          // Strong reference needs to be kept to logger until initialization 
of SSLContext finished (see HADOOP-16174):
-          logger.setLevel(Level.INFO);
-          channelMode = SSLChannelMode.OpenSSL;
-        } catch (NoSuchAlgorithmException e) {
-          LOG.warn("Failed to load OpenSSL. Falling back to the JSSE 
default.");
-          ctx = SSLContext.getDefault();
-          channelMode = SSLChannelMode.Default_JSSE;
-        }
-        break;
-      case OpenSSL:
+    case Default:
+      if (!openSSLProviderRegistered) {
+        OpenSSLProvider.register();
 
 Review comment:
   By calling wildfly methods without using reflection, this class can only be 
loaded or used if wildfly is on the CP. While this is already a requirement of 
hadoop-azure, I don't want to add it to hadoop-aws. Somehow reflection is going 
to be needed here.

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
[email protected]


With regards,
Apache Git Services

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to