Xiaoyu Yao created HDFS-11302:
---------------------------------
Summary: Improve Logging for SSLHostnameVerifier
Key: HDFS-11302
URL: https://issues.apache.org/jira/browse/HDFS-11302
Project: Hadoop HDFS
Issue Type: Improvement
Components: security
Reporter: Xiaoyu Yao
Assignee: Chen Liang
Priority: Minor
SSLHostnameVerifier interface/class was copied from other projects without any
logging to help troubleshooting SSL certificate related issues. For a
misconfigured SSL truststore, we may get some very confusing error message like
{code}
>hdfs dfs -cat swebhdfs://NNl/tmp/test1.txt
...
cause:java.io.IOException: DN2:50475: HTTPS hostname wrong: should be <DN2>
cat: DN2:50475: HTTPS hostname wrong: should be <DN2>
{code}
This ticket is opened to add tracing to give more useful context information
around SSL certificate verification failures inside the following code.
{code}AbstractVerifier#check(String[] host, X509Certificate cert) {code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: hdfs-dev-unsubscr...@hadoop.apache.org
For additional commands, e-mail: hdfs-dev-h...@hadoop.apache.org
