Xiaoyu Yao created HDFS-13061:
---------------------------------
Summary: SaslDataTransferClient#checkTrustAndSend should not trust
a partially trusted channel
Key: HDFS-13061
URL: https://issues.apache.org/jira/browse/HDFS-13061
Project: Hadoop HDFS
Issue Type: Bug
Reporter: Xiaoyu Yao
Assignee: Ajay Kumar
HDFS-5920 introduces encryption negotiation between client and server based on
a customizable TrustedChannelResolver class. The TrustedChannelResolver is
invoked on both client and server side. If the resolver indicates that the
channel is trusted, then the data transfer will not be encrypted even if
dfs.encrypt.data.transfer is set to true.
SaslDataTransferClient#checkTrustAndSend ask the channel resolve whether the
client and server address are trusted, respectively. It decides the channel is
untrusted only if both client and server are not trusted to enforce encryption.
*This ticket is opened to change it to not trust (and encrypt) if either client
or server address are not trusted.*
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: hdfs-dev-unsubscr...@hadoop.apache.org
For additional commands, e-mail: hdfs-dev-h...@hadoop.apache.org
