[
https://issues.apache.org/jira/browse/YARN-10291?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17156777#comment-17156777
]
Eric Yang commented on YARN-10291:
----------------------------------
[~brahmareddy] Hadoop
[getAcceptedIssuers|https://github.com/apache/hadoop/blob/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/ssl/ReloadingX509TrustManager.java#L146]
is returning a list of empty issuers, or the list from
javax.net.ssl.X509TrustManager. Unless CA chained certificates are installed
into cacerts, there is no issuer verification in Hadoop own implementation of
SSL. This is the reason that I think Hadoop's implementation of loading
trusted store is odd.
> Yarn service commands doesn't work when https is enabled in RM
> --------------------------------------------------------------
>
> Key: YARN-10291
> URL: https://issues.apache.org/jira/browse/YARN-10291
> Project: Hadoop YARN
> Issue Type: Bug
> Reporter: Bilwa S T
> Assignee: Bilwa S T
> Priority: Major
> Attachments: YARN-10291.001.patch
>
>
> when we submit application using command "yarn app -launch sleeper-service
> ../share/hadoop/yarn/yarn-service-examples/sleeper/sleeper.json" , it throws
> below exception
> {code:java}
> com.sun.jersey.api.client.ClientHandlerException:
> javax.net.ssl.SSLHandshakeException:
> sun.security.validator.ValidatorException: PKIX path building failed:
> sun.security.provider.certpath.SunCertPathBuilderException: unable to find
> valid certification path to requested target
> {code}
> We should use WebServiceClient#createClient as it takes care of setting
> sslfactory when https is called.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: yarn-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: yarn-issues-h...@hadoop.apache.org
