[
https://issues.apache.org/jira/browse/ZOOKEEPER-2949?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16294586#comment-16294586
]
Hadoop QA commented on ZOOKEEPER-2949:
--------------------------------------
+1 overall. GitHub Pull Request Build
+1 @author. The patch does not contain any @author tags.
+0 tests included. The patch appears to be a documentation patch that
doesn't require tests.
+1 javadoc. The javadoc tool did not generate any warning messages.
+1 javac. The applied patch does not increase the total number of javac
compiler warnings.
+1 findbugs. The patch does not introduce any new Findbugs (version 3.0.1)
warnings.
+1 release audit. The applied patch does not increase the total number of
release audit warnings.
+1 core tests. The patch passed core unit tests.
+1 contrib tests. The patch passed contrib unit tests.
Test results:
https://builds.apache.org/job/PreCommit-ZOOKEEPER-github-pr-build/1378//testReport/
Findbugs warnings:
https://builds.apache.org/job/PreCommit-ZOOKEEPER-github-pr-build/1378//artifact/trunk/build/test/findbugs/newPatchFindbugsWarnings.html
Console output:
https://builds.apache.org/job/PreCommit-ZOOKEEPER-github-pr-build/1378//console
This message is automatically generated.
> SSL ServerName not set when using hostname, some proxies may failed to proxy
> the request.
> -----------------------------------------------------------------------------------------
>
> Key: ZOOKEEPER-2949
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2949
> Project: ZooKeeper
> Issue Type: Bug
> Components: java client
> Affects Versions: 3.5.3
> Environment: In our environment, the zk clusters are all behind a
> proxy, the proxy decide to transfer the request from client based on the
> "ServerName" field in SSL Hello packet(the proxy served on SSL only). but the
> Hello packets that zk client sended do proxy do not contain the "ServerName"
> field in it. after inspect the codes, we have found that it is because that
> zk client did not specify the peerHost when initializing the SSLContext.
> Reporter: Feng Shaobao
> Fix For: 3.6.0
>
> Original Estimate: 12h
> Remaining Estimate: 12h
>
> In our environment, the zk clusters are all behind a proxy, the proxy decide
> to transfer the request from client based on the "ServerName" field in SSL
> Hello packet(the proxy served on SSL only). but the Hello packets that zk
> client sended do proxy do not contain the "ServerName" field in it. after
> inspect the codes, we have found that it is because that zk client did not
> specify the peerHost when initializing the SSLContext.
> In the method initSSL of class ZKClientPipelineFactory, it initialize the
> SSLEngine like below:
> sslEngine = sslContext.createSSLEngine();
> Actually the sslContext provide another factory method that receives the
> hostName and port parameter.
> public final SSLEngine createSSLEngine(String hostName, int port)
> If we call this method to create the SSLEngine, then the proxy will know
> which zk cluster it really want to access.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
