[jira] [Updated] (HDFS-5893) HftpFileSystem.RangeHeaderUrlOpener uses the default URLConnectionFactory which does not import SSL certificates

Wed, 05 Feb 2014 21:10:38 -0800 

     [ 
https://issues.apache.org/jira/browse/HDFS-5893?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Haohui Mai updated HDFS-5893:
-----------------------------

    Description: 
When {{HftpFileSystem}} tries to get the data, it create a 
{{RangeHeaderUrlOpener}} object to open a HTTP / HTTPS connection to the NN. 
However, {{HftpFileSystem.RangeHeaderUrlOpener}} uses the default 
URLConnectionFactory. It does not import the SSL certificates from 
ssl-client.xml. Therefore {{HsftpFileSystem}} fails.

To fix this bug, {{HftpFileSystem.RangeHeaderUrlOpener}} needs to use the same 
{{URLConnectionFactory}} as the one used by {{HftpFileSystem}}.

  was:
set dfs.http.policy=HTTPS_ONLY.
And do cat | copyToLocal | get operation on HDFS data using 
hsftp://NN:NN_HTTPS_PORT.
These operation fails with 'PKIX path building failed' error

RUNNING: hdfs dfs -cat hsftp://NN:NN_HTTPS_PORT/tmp/testfile
cat: sun.security.validator.ValidatorException: PKIX path building failed: 
sun.security.provider.certpath.SunCertPathBuilderException: unable to find 
valid certification path to requested target

-------------
RUNNING: hdfs dfs -copyToLocal hsftp://NN:NN_HTTPS_PORT/tmp/TestFile 
/etc/tmp/data/file1
copyToLocal: sun.security.validator.ValidatorException: PKIX path building 
failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to 
find valid certification path to requested target

-------------
RUNNING: hdfs dfs -get hsftp://NN:NN_HTTPS_PORT/tmp/TestFile /etc/tmp/data/file1
get: sun.security.validator.ValidatorException: PKIX path building failed: 
sun.security.provider.certpath.SunCertPathBuilderException: unable to find 
valid certification path to requested target


> HftpFileSystem.RangeHeaderUrlOpener uses the default URLConnectionFactory 
> which does not import SSL certificates
> ----------------------------------------------------------------------------------------------------------------
>
>                 Key: HDFS-5893
>                 URL: https://issues.apache.org/jira/browse/HDFS-5893
>             Project: Hadoop HDFS
>          Issue Type: Bug
>            Reporter: Yesha Vora
>
> When {{HftpFileSystem}} tries to get the data, it create a 
> {{RangeHeaderUrlOpener}} object to open a HTTP / HTTPS connection to the NN. 
> However, {{HftpFileSystem.RangeHeaderUrlOpener}} uses the default 
> URLConnectionFactory. It does not import the SSL certificates from 
> ssl-client.xml. Therefore {{HsftpFileSystem}} fails.
> To fix this bug, {{HftpFileSystem.RangeHeaderUrlOpener}} needs to use the 
> same {{URLConnectionFactory}} as the one used by {{HftpFileSystem}}.



--
This message was sent by Atlassian JIRA
(v6.1.5#6160)

Reply via email to