[jira] [Commented] (DRILL-8008) Add Config Option to HTTP Plugin to Skip SSL Validation

Tue, 12 Oct 2021 10:53:06 -0700 


    [ 
https://issues.apache.org/jira/browse/DRILL-8008?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17427837#comment-17427837
 ] 

ASF GitHub Bot commented on DRILL-8008:
---------------------------------------

cgivre commented on a change in pull request #2331:
URL: https://github.com/apache/drill/pull/2331#discussion_r727366808



##########
File path: 
contrib/storage-http/src/main/java/org/apache/drill/exec/store/http/util/SimpleHttp.java
##########
@@ -116,6 +125,28 @@ private OkHttpClient setupHttpClient() {
     builder.writeTimeout(timeout, TimeUnit.SECONDS);
     builder.readTimeout(timeout, TimeUnit.SECONDS);
 
+    // Code to skip SSL Certificate validation
+    // Sourced from 
https://stackoverflow.com/questions/60110848/how-to-disable-ssl-verification
+    if (! scanDefn.tableSpec().connectionConfig().verifySSLCert()) {
+      try {
+        TrustManager[] trustAllCerts = getAllTrustingTrustManager();
+        SSLContext sslContext = SSLContext.getInstance("SSL");
+        sslContext.init(null, trustAllCerts, new java.security.SecureRandom());
+        SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory();
+
+
+        builder.sslSocketFactory(sslSocketFactory, (X509TrustManager) 
trustAllCerts[0]);
+        builder.hostnameVerifier(new HostnameVerifier() {
+          @Override
+          public boolean verify(String hostname, SSLSession session) {
+            return true;
+          }
+        });

Review comment:
       Done!  Much cleaner.




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]


> Add Config Option to HTTP Plugin to Skip SSL Validation
> -------------------------------------------------------
>
>                 Key: DRILL-8008
>                 URL: https://issues.apache.org/jira/browse/DRILL-8008
>             Project: Apache Drill
>          Issue Type: Improvement
>          Components: Storage - Other
>    Affects Versions: 1.19.0
>            Reporter: Charles Givre
>            Assignee: Charles Givre
>            Priority: Minor
>             Fix For: 1.20.0
>
>
> In the current implementation, Drill validates all SSL certificates when 
> querying REST APIs.  In some circumstances, such as a corporate network, or 
> for testing, a user might want to disable this functionality.  This PR adds a 
> config option to the HTTP plugin to disable SSL validation. 



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Reply via email to