[
https://issues.apache.org/jira/browse/HADOOP-5364?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12703864#action_12703864
]
Chris Douglas commented on HADOOP-5364:
---------------------------------------
As Kan suggested, this should warn for each instance of HsftpFileSystem; this
warns once for the life of the JVM and only one set of certs. If one were to
connect to multiple servers w/ hsftp, only the first would be checked, +/- race
conditions.
Simply reading from the config and setting a member variable will work. When
performing the cert expiration check for that handle (should be <= 0), set the
member variable to 0 and dispense with the separate boolean flag. Since
open/list are not synchronized, the member var should be volatile. The
synchronization with this approach is not strictly correct; it's still possible
to get multiple warnings from the same handle for multiple threads, but that's
OK.
Other:
* The Date import in HsftpFileSystem is unnecessary
* The expiration threshold property should include the units in which it is
expressed. {{ssl.expiration.warn.days}} seems OK to me
* Instead of setting curTime and performing the conversion for each cert, set
the threshold to curTime + days * ms/day and warn if expTime < that.
* The check should be disabled at the top, not the bottom of the block
> Adding SSL certificate expiration warning to hdfsproxy
> ------------------------------------------------------
>
> Key: HADOOP-5364
> URL: https://issues.apache.org/jira/browse/HADOOP-5364
> Project: Hadoop Core
> Issue Type: Improvement
> Components: contrib/hdfsproxy
> Reporter: Kan Zhang
> Assignee: zhiyong zhang
> Attachments: HADOOP-5364.patch, HADOOP-5364.patch, HADOOP-5364.patch,
> HADOOP-5364.patch, HADOOP-5364.patch, HADOOP-5364.patch
>
>
> SSL certificate warning should be provided on both client and proxy server
> side.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
