[
https://issues.apache.org/jira/browse/FLUME-2460?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14129721#comment-14129721
]
li xiang commented on FLUME-2460:
---------------------------------
I found a better way to solve this. The default trust manager of both IBM and
SUN JDK is PKIX, not SunX509, nor IbmX509. PKIX behaves like Sun's, that is,
handshake does not fail if the trusted certificate has expired. So the fix
uploaded is to use "TrustManagerFactory.getDefaultAlgorithm()" to replace
"SunX509" in all 3 java, and some comments about SunX509 are removed.
> Unit test TestAvroSink failed with IBM JDK 1.7
> ----------------------------------------------
>
> Key: FLUME-2460
> URL: https://issues.apache.org/jira/browse/FLUME-2460
> Project: Flume
> Issue Type: Bug
> Components: Sinks+Sources
> Affects Versions: v1.5.0.1
> Environment: IBM JDK 1.7
> Reporter: li xiang
> Assignee: li xiang
> Priority: Minor
> Fix For: v1.5.0.1, v1.6.0
>
>
> The following 3 java hard-codes "SunX509" as the trust manager, which is not
> friendly to other JDK
> (1) flume-ng-core/src/main/java/org/apache/flume/source/AvroSource.java
> (2) flume-ng-core/src/test/java/org/apache/flume/sink/TestAvroSink.java
> (3) flume-ng-sdk/src/main/java/org/apache/flume/api/NettyAvroRpcClient.java
> And it results in "SunX509 TrustManagerFactory not available" when using JDK
> other than Sun's, as :
> java.security.NoSuchAlgorithmException: SunX509 TrustManagerFactory not
> available
> at sun.security.jca.GetInstance.getInstance(GetInstance.java:171)
> at
> javax.net.ssl.TrustManagerFactory.getInstance(TrustManagerFactory.java:6)
> at
> org.apache.flume.api.NettyAvroRpcClient$SSLCompressionChannelFactory.newChannel(NettyAvroRpcClient.java:727)
> at
> org.apache.flume.api.NettyAvroRpcClient$SSLCompressionChannelFactory.newChannel(NettyAvroRpcClient.java:663)
> at
> org.jboss.netty.bootstrap.ClientBootstrap.connect(ClientBootstrap.java:212)
> at
> org.jboss.netty.bootstrap.ClientBootstrap.connect(ClientBootstrap.java:182)
> at
> org.apache.avro.ipc.NettyTransceiver.getChannel(NettyTransceiver.java:266)
> at org.apache.avro.ipc.NettyTransceiver.<init>(NettyTransceiver.java:206)
> at org.apache.avro.ipc.NettyTransceiver.<init>(NettyTransceiver.java:155)
> at
> org.apache.flume.api.NettyAvroRpcClient.connect(NettyAvroRpcClient.java:164)
> at
> org.apache.flume.api.NettyAvroRpcClient.connect(NettyAvroRpcClient.java:118)
> at
> org.apache.flume.api.NettyAvroRpcClient.configure(NettyAvroRpcClient.java:624)
> at
> org.apache.flume.api.RpcClientFactory.getInstance(RpcClientFactory.java:88)
> at org.apache.flume.sink.AvroSink.initializeRpcClient(AvroSink.java:127)
> at
> org.apache.flume.sink.AbstractRpcSink.createConnection(AbstractRpcSink.java:211)
> at org.apache.flume.sink.AbstractRpcSink.start(AbstractRpcSink.java:292)
> at
> org.apache.flume.sink.TestAvroSink.testSslProcessWithTrustStore(TestAvroSink.java:417)
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
