[
https://issues.apache.org/jira/browse/OOZIE-3674?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17633270#comment-17633270
]
Hadoop QA commented on OOZIE-3674:
----------------------------------
Testing JIRA OOZIE-3674
Cleaning local git workspace
----------------------------
{color:green}+1 PATCH_APPLIES{color}
{color:green}+1 CLEAN{color}
{color:red}-1 RAW_PATCH_ANALYSIS{color}
. {color:green}+1{color} the patch does not introduce any @author tags
. {color:green}+1{color} the patch does not introduce any tabs
. {color:green}+1{color} the patch does not introduce any trailing spaces
. {color:green}+1{color} the patch does not introduce any star imports
. {color:red}-1{color} the patch contains 2 line(s) longer than 132
characters
. {color:green}+1{color} the patch adds/modifies 1 testcase(s)
{color:green}+1 RAT{color}
. {color:green}+1{color} the patch does not seem to introduce new RAT
warnings
{color:red}-1 JAVADOC{color}
. {color:red}-1{color} build with Javadoc generation fails with the patch
{color:red}-1 COMPILE{color}
. {color:green}+1{color} HEAD compiles
. {color:red}-1{color} patch does not compile
. {color:green}+1{color} the patch does not seem to introduce new javac
warnings
{color:red}-1{color} There are [4] new bugs found below threshold in total that
must be fixed.
. {color:red}-1{color} There are [4] new bugs found below threshold in
[client] that must be fixed.
. You can find the SpotBugs diff here (look for the red and orange ones):
client/findbugs-new.html
. The most important SpotBugs errors are:
. At InsecureConnectionHelper.java:[line 64]: SSLContext needs to be
compatible with TLS 1.2
. At InsecureConnectionHelper.java:[line 53]: TrustManager that accept any
certificates makes communication vulnerable to a MITM attack
. At InsecureConnectionHelper.java:[line 56]: TrustManager that accept any
certificates makes communication vulnerable to a MITM attack
. At InsecureConnectionHelper.java:[line 49]: TrustManager that accept any
certificates makes communication vulnerable to a MITM attack
. {color:green}+1{color} There are no new bugs found in [webapp].
. {color:green}+1{color} There are no new bugs found in
[fluent-job/fluent-job-api].
. {color:green}+1{color} There are no new bugs found in [server].
. {color:green}+1{color} There are no new bugs found in [core].
. {color:green}+1{color} There are no new bugs found in [sharelib/spark].
. {color:green}+1{color} There are no new bugs found in [sharelib/hive2].
. {color:green}+1{color} There are no new bugs found in [sharelib/distcp].
. {color:green}+1{color} There are no new bugs found in [sharelib/streaming].
. {color:green}+1{color} There are no new bugs found in [sharelib/hive].
. {color:green}+1{color} There are no new bugs found in [sharelib/git].
. {color:green}+1{color} There are no new bugs found in [sharelib/hcatalog].
. {color:green}+1{color} There are no new bugs found in [sharelib/pig].
. {color:green}+1{color} There are no new bugs found in [sharelib/oozie].
. {color:green}+1{color} There are no new bugs found in [sharelib/sqoop].
. {color:green}+1{color} There are no new bugs found in [tools].
. {color:green}+1{color} There are no new bugs found in [docs].
. {color:green}+1{color} There are no new bugs found in [examples].
{color:green}+1 BACKWARDS_COMPATIBILITY{color}
. {color:green}+1{color} the patch does not change any JPA
Entity/Colum/Basic/Lob/Transient annotations
. {color:green}+1{color} the patch does not modify JPA files
{color:red}-1 TESTS{color} - patch does not compile, cannot run test cases
{color:red}-1 DISTRO{color}
. {color:red}-1{color} distro tarball fails with the patch
{color:green}+1 MODERNIZER{color}
----------------------------
{color:red}*-1 Overall result, please check the reported -1(s)*{color}
The full output of the test-patch run is available at
. https://ci-hadoop.apache.org/job/PreCommit-OOZIE-Build/104/
> Add a --insecure like parameter to Oozie client so it can ignore certificate
> errors
> -----------------------------------------------------------------------------------
>
> Key: OOZIE-3674
> URL: https://issues.apache.org/jira/browse/OOZIE-3674
> Project: Oozie
> Issue Type: Task
> Components: client
> Affects Versions: 5.2.1
> Reporter: Janos Makai
> Assignee: Janos Makai
> Priority: Major
> Attachments: OOZIE-3674-001.patch
>
>
> Currently when SSL is enabled you need to pass the -Djavax.net.ssl.trustStore
> and -Djavax.net.ssl.trustStorePassword system properties to the Oozie client
> or you need to import the certificate into the JDK's cert store otherwise
> Oozie client won't be able to connect to the Oozie server. Always passing
> these variables is very inconvenient, and another solution might be to allow
> certificate errors in the client. This would be like the curl
> *{color:#0747a6}--insecure{color}* option. The data would still be encrypted,
> but the client would not check the certificate. This should not be turned on
> by default in the Oozie client, but this could be a new command line
> parameter.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
