[
https://issues.apache.org/jira/browse/RANGER-5689?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Ramachandran Krishnan updated RANGER-5689:
------------------------------------------
Fix Version/s: 3.0.0
> Standardize TLS hostname verification across Ranger HTTP clients using a
> uniform verifier
> -----------------------------------------------------------------------------------------
>
> Key: RANGER-5689
> URL: https://issues.apache.org/jira/browse/RANGER-5689
> Project: Ranger
> Issue Type: Bug
> Components: Ranger
> Affects Versions: 2.8.0
> Reporter: Vyom Mani Tiwari
> Assignee: Vyom Mani Tiwari
> Priority: Major
> Fix For: 3.0.0
>
> Time Spent: 20m
> Remaining Estimate: 0h
>
> Across various Ranger REST and HTTP client paths ({{{}RangerSslHelper{}}},
> {{{}RangerRESTClient{}}}, {{{}RangerUgSyncRESTClient{}}}, and
> {{{}RangerAdminJersey2RESTClient{}}}), hostname validation is currently
> managed via localized custom verifiers.
> To improve maintainability and ensure consistent connection behavior across
> diverse cluster environments, we should replace these decentralized checks
> with a uniform approach.
> *Proposed Solution:* Introduce a single, centralized hostname verifier class
> ({{{}RangerDefaultHostnameVerifier{}}}) that delegates the verification check
> directly to the standard {{DefaultHostnameVerifier}} provided by the Apache
> HttpComponents library. This eliminates redundant logic across the modules
> and ensures Ranger utilizes a standard, production-tested implementation for
> all HTTP engine paths.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)