HADOOP-15813. Enable more reliable SSL connection reuse. Contributed by Daryn Sharp.

Signed-off-by: Wei-Chiu Chuang <weichiu@apache.org>
Daryn Sharp 2019-02-20 18:13:53 -08:00 committed by Wei-Chiu Chuang
parent 371a6db59a
commit a87e458432


@ -108,6 +108,10 @@ public enum Mode { CLIENT, SERVER }
private Mode mode; private Mode mode;
private boolean requireClientCert; private boolean requireClientCert;
private SSLContext context; private SSLContext context;
// the java keep-alive cache relies on instance equivalence of the SSL socket
// factory. in many java versions, SSLContext#getSocketFactory always
// returns a new instance which completely breaks the cache...
private SSLSocketFactory socketFactory;
private HostnameVerifier hostnameVerifier; private HostnameVerifier hostnameVerifier;
private KeyStoresFactory keystoresFactory; private KeyStoresFactory keystoresFactory;
@ -178,6 +182,9 @@ public void init() throws GeneralSecurityException, IOException {
context.init(keystoresFactory.getKeyManagers(), context.init(keystoresFactory.getKeyManagers(),
keystoresFactory.getTrustManagers(), null); keystoresFactory.getTrustManagers(), null);
context.getDefaultSSLParameters().setProtocols(enabledProtocols); context.getDefaultSSLParameters().setProtocols(enabledProtocols);
if (mode == Mode.CLIENT) {
socketFactory = context.getSocketFactory();
}
hostnameVerifier = getHostnameVerifier(conf); hostnameVerifier = getHostnameVerifier(conf);
} }
@ -298,7 +305,7 @@ public SSLSocketFactory createSSLSocketFactory()
throw new IllegalStateException( throw new IllegalStateException(
"Factory is not in CLIENT mode. Actual mode is " + mode.toString()); "Factory is not in CLIENT mode. Actual mode is " + mode.toString());
} }
return context.getSocketFactory(); return socketFactory;
} }
/** /**
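Review bot: createSSLSocketFactory() now returns the cached `socketFactory` field without checking that it was ever assigned, so a CLIENT-mode factory used before init() has run would hand back null and fail later at the caller, not at this call site. A guard before `return socketFactory;`, for example `if (socketFactory == null) { throw new IllegalStateException("Factory is not initialized"); }`, would keep that failure explicit. Any teardown path that clears `context` should presumably clear `socketFactory` as well, but none is visible in these hunks. Since the point of the change is that all callers share one SSLSocketFactory instance so the JVM keep-alive cache can reuse TLS connections, the method's Javadoc should state that the returned instance is shared rather than freshly created. The bodies of init() and createSSLSocketFactory() extend beyond the hunks shown.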