HADOOP-15813. Enable more reliable SSL connection reuse. Contributed by Daryn Sharp.
Signed-off-by: Wei-Chiu Chuang <weichiu@apache.org>
parent
371a6db59a
commit
a87e458432
@ -108,6 +108,10 @@ public enum Mode { CLIENT, SERVER }
|
|||||||
private Mode mode;
|
private Mode mode;
|
||||||
private boolean requireClientCert;
|
private boolean requireClientCert;
|
||||||
private SSLContext context;
|
private SSLContext context;
|
||||||
|
// the java keep-alive cache relies on instance equivalence of the SSL socket
|
||||||
|
// factory. in many java versions, SSLContext#getSocketFactory always
|
||||||
|
// returns a new instance which completely breaks the cache...
|
||||||
|
private SSLSocketFactory socketFactory;
|
||||||
private HostnameVerifier hostnameVerifier;
|
private HostnameVerifier hostnameVerifier;
|
||||||
private KeyStoresFactory keystoresFactory;
|
private KeyStoresFactory keystoresFactory;
|
||||||
|
|
||||||
@ -178,6 +182,9 @@ public void init() throws GeneralSecurityException, IOException {
|
|||||||
context.init(keystoresFactory.getKeyManagers(),
|
context.init(keystoresFactory.getKeyManagers(),
|
||||||
keystoresFactory.getTrustManagers(), null);
|
keystoresFactory.getTrustManagers(), null);
|
||||||
context.getDefaultSSLParameters().setProtocols(enabledProtocols);
|
context.getDefaultSSLParameters().setProtocols(enabledProtocols);
|
||||||
|
if (mode == Mode.CLIENT) {
|
||||||
|
socketFactory = context.getSocketFactory();
|
||||||
|
}
|
||||||
hostnameVerifier = getHostnameVerifier(conf);
|
hostnameVerifier = getHostnameVerifier(conf);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -298,7 +305,7 @@ public SSLSocketFactory createSSLSocketFactory()
|
|||||||
throw new IllegalStateException(
|
throw new IllegalStateException(
|
||||||
"Factory is not in CLIENT mode. Actual mode is " + mode.toString());
|
"Factory is not in CLIENT mode. Actual mode is " + mode.toString());
|
||||||
}
|
}
|
||||||
return context.getSocketFactory();
|
return socketFactory;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
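Review bot: `createSSLSocketFactory()` now returns the cached `socketFactory` field, which is only assigned in `init()` under `if (mode == Mode.CLIENT)`, so a call made before `init()` returns `null` to the caller instead of failing at the call site as `context.getSocketFactory()` would have. A guard ahead of the return, for example `if (socketFactory == null) { throw new IllegalStateException("SSLFactory is not initialized"); }` (message text is a suggestion), keeps a mis-ordered setup from surfacing later as an unrelated error in TLS client code. The field is also neither `final` nor `volatile`, so if `init()` and `createSSLSocketFactory()` can run on different threads, safe publication depends on how callers share the factory object, which these hunks do not show. If the class has a teardown path outside the visible hunks, it should probably clear `socketFactory` as well, so the cached factory does not outlive the key and trust stores it was built from. Both `init()` and `createSSLSocketFactory()` start outside the hunks shown here.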