[ https://issues.apache.org/jira/browse/HDFS-13061?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16345557#comment-16345557 ]
Xiaoyu Yao commented on HDFS-13061:
-----------------------------------

Thanks [~ajayydv] for the update. Just one more NIT, +1 after that being fixed pending Jenkins.

TestSaslDataTransfer.java

Line 303/353/398: {{socket.close()}}; is not needed as you have the following to handle that.

{code:java}
IOUtils.cleanupWithLogger(null, socket, serverSocket);
{code}

> SaslDataTransferClient#checkTrustAndSend should not trust a partially trusted channel
> -------------------------------------------------------------------------------------
>
>                 Key: HDFS-13061
>                 URL: https://issues.apache.org/jira/browse/HDFS-13061
>             Project: Hadoop HDFS
>          Issue Type: Bug
>            Reporter: Xiaoyu Yao
>            Assignee: Ajay Kumar
>            Priority: Major
>         Attachments: HDFS-13061.000.patch, HDFS-13061.001.patch, HDFS-13061.002.patch
>
>
> HDFS-5910 introduces encryption negotiation between client and server based
> on a customizable TrustedChannelResolver class. The TrustedChannelResolver is
> invoked on both client and server side. If the resolver indicates that the
> channel is trusted, then the data transfer will not be encrypted even if
> dfs.encrypt.data.transfer is set to true.
> SaslDataTransferClient#checkTrustAndSend asks the channel resolver whether the
> client and server address are trusted, respectively. It decides the channel
> is untrusted only if both client and server are not trusted to enforce
> encryption. *This ticket is opened to change it to not trust (and encrypt) if
> either client or server address is not trusted.*
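
The two trust decisions described in the issue, side by side, as an added example that is not Hadoop's code or any of the attached patches. The `Resolver` interface, the class and method names, and the addresses are constructed stand-ins, and `dfs.encrypt.data.transfer` is assumed to be true.

```java
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.util.Set;

public class PartialTrustDemo {
    /** Hypothetical stand-in for a channel resolver: answers per peer address. */
    interface Resolver {
        boolean isTrusted(InetAddress peer);
    }

    /** Decision as the ticket describes it: untrusted only if BOTH ends are untrusted. */
    static boolean encryptsBefore(Resolver r, InetAddress client, InetAddress server) {
        return !r.isTrusted(client) && !r.isTrusted(server);
    }

    /** Decision the ticket asks for: untrusted (encrypt) if EITHER end is untrusted. */
    static boolean encryptsAfter(Resolver r, InetAddress client, InetAddress server) {
        return !r.isTrusted(client) || !r.isTrusted(server);
    }

    public static void main(String[] args) throws UnknownHostException {
        // Constructed addresses from documentation ranges; the resolver trusts only in1 and in2.
        InetAddress in1 = InetAddress.getByName("192.0.2.10");
        InetAddress in2 = InetAddress.getByName("192.0.2.20");
        InetAddress out1 = InetAddress.getByName("198.51.100.7");
        InetAddress out2 = InetAddress.getByName("203.0.113.9");
        Set<InetAddress> trusted = Set.of(in1, in2);
        Resolver resolver = trusted::contains;

        // All four combinations of trusted/untrusted client and server.
        InetAddress[][] pairs = { {in1, in2}, {in1, out1}, {out1, in1}, {out1, out2} };
        System.out.printf("%-14s %-14s %-8s %-8s%n", "client", "server", "before", "after");
        for (InetAddress[] p : pairs) {
            boolean before = encryptsBefore(resolver, p[0], p[1]);
            boolean after = encryptsAfter(resolver, p[0], p[1]);
            System.out.printf("%-14s %-14s %-8s %-8s%s%n",
                p[0].getHostAddress(), p[1].getHostAddress(),
                before ? "encrypt" : "plain", after ? "encrypt" : "plain",
                before != after ? "  <- partially trusted channel" : "");
        }
    }
}
```

The two rows where exactly one end is trusted are the only ones whose outcome differs between the two decisions. `Set.of` requires Java 9 or later.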