[
https://issues.apache.org/jira/browse/HDFS-14951?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16968723#comment-16968723
]
Wei-Chiu Chuang edited comment on HDFS-14951 at 11/6/19 9:25 PM:
-----------------------------------------------------------------
Good catch [~smeng]. Can we also add that check for keystore password
[~hanishakoneru]?
Also, what happens after this change?
Looking at Jetty's source code, it looks like it'll attempt to use keystore
password to open trust store if truststore password is not set. So it's not
clear to me what happens next if key store password is also null. Will we end
up with the same situation?
It would be best to have a test to demonstrate what happens after the fix.
TestSSLHttpServer can be a good starting point.
was (Author: jojochuang):
Good catch [~smeng]. Can we also add that check for keystore password
[~hanishakoneru]?
Also, what happens after this change?
Looking at Jetty's source code, it looks like it'll attempt to use keystore
password to open trust store if truststore password is not set. So it's not
clear to me what happens next if key store password is also null. Will we end
up with the same situation?
> KMS Jetty server does not startup if trust store password is null
> -----------------------------------------------------------------
>
> Key: HDFS-14951
> URL: https://issues.apache.org/jira/browse/HDFS-14951
> Project: Hadoop HDFS
> Issue Type: Bug
> Reporter: Hanisha Koneru
> Assignee: Hanisha Koneru
> Priority: Major
> Attachments: HDFS-14951.001.patch
>
>
> In HttpServer2, if the trustStore is set but the trust store password is not,
> then we set the TrustStorePassword of SSLContextFactory to null. This results
> in the Jetty server not starting up.
> {code:java}
> // In HttpServer2#createHttpsChannelConnector()
> if (trustStore != null) {
>   sslContextFactory.setTrustStorePath(trustStore);
>   sslContextFactory.setTrustStoreType(trustStoreType);
>   sslContextFactory.setTrustStorePassword(trustStorePassword);
> }
> {code}
> Before setting the trust store password, we should check that it is not null.