|
@@ -53,6 +53,8 @@ import javax.net.ssl.SSLSocket;
|
|
import org.apache.hadoop.classification.InterfaceAudience;
|
|
import org.apache.hadoop.classification.InterfaceAudience;
|
|
import org.apache.hadoop.classification.InterfaceStability;
|
|
import org.apache.hadoop.classification.InterfaceStability;
|
|
import org.apache.hadoop.util.StringUtils;
|
|
import org.apache.hadoop.util.StringUtils;
|
|
|
|
+import org.slf4j.Logger;
|
|
|
|
+import org.slf4j.LoggerFactory;
|
|
|
|
|
|
/**
|
|
/**
|
|
************************************************************************
|
|
************************************************************************
|
|
@@ -228,6 +230,12 @@ public interface SSLHostnameVerifier extends javax.net.ssl.HostnameVerifier {
|
|
|
|
|
|
abstract class AbstractVerifier implements SSLHostnameVerifier {
|
|
abstract class AbstractVerifier implements SSLHostnameVerifier {
|
|
|
|
|
|
|
|
+ /**
|
|
|
|
+ * Writes as SSLFactory logs as it is the only consumer of this verifier
|
|
|
|
+ * class.
|
|
|
|
+ */
|
|
|
|
+ static final Logger LOG = LoggerFactory.getLogger(SSLFactory.class);
|
|
|
|
+
|
|
/**
|
|
/**
|
|
* This contains a list of 2nd-level domains that aren't allowed to
|
|
* This contains a list of 2nd-level domains that aren't allowed to
|
|
* have wildcards when combined with country-codes.
|
|
* have wildcards when combined with country-codes.
|
|
@@ -354,13 +362,24 @@ public interface SSLHostnameVerifier extends javax.net.ssl.HostnameVerifier {
|
|
throws SSLException {
|
|
throws SSLException {
|
|
String[] cns = Certificates.getCNs(cert);
|
|
String[] cns = Certificates.getCNs(cert);
|
|
String[] subjectAlts = Certificates.getDNSSubjectAlts(cert);
|
|
String[] subjectAlts = Certificates.getDNSSubjectAlts(cert);
|
|
- check(host, cns, subjectAlts);
|
|
|
|
|
|
+ try {
|
|
|
|
+ check(host, cns, subjectAlts);
|
|
|
|
+ } catch (SSLException e) {
|
|
|
|
+ LOG.error("Host check error {}", e);
|
|
|
|
+ throw e;
|
|
|
|
+ }
|
|
}
|
|
}
|
|
|
|
|
|
public void check(final String[] hosts, final String[] cns,
|
|
public void check(final String[] hosts, final String[] cns,
|
|
final String[] subjectAlts, final boolean ie6,
|
|
final String[] subjectAlts, final boolean ie6,
|
|
final boolean strictWithSubDomains)
|
|
final boolean strictWithSubDomains)
|
|
throws SSLException {
|
|
throws SSLException {
|
|
|
|
+ if (LOG.isTraceEnabled()) {
|
|
|
|
+ LOG.trace("Hosts:{}, CNs:{} subjectAlts:{}, ie6:{}, " +
|
|
|
|
+ "strictWithSubDomains{}", Arrays.toString(hosts),
|
|
|
|
+ Arrays.toString(cns), Arrays.toString(subjectAlts), ie6,
|
|
|
|
+ strictWithSubDomains);
|
|
|
|
+ }
|
|
// Build up lists of allowed hosts For logging/debugging purposes.
|
|
// Build up lists of allowed hosts For logging/debugging purposes.
|
|
StringBuffer buf = new StringBuffer(32);
|
|
StringBuffer buf = new StringBuffer(32);
|
|
buf.append('<');
|
|
buf.append('<');
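Review bot: In the new catch block, `LOG.error("Host check error {}", e);` passes the exception as the only argument, and SLF4J treats a trailing Throwable as the exception to attach rather than as a placeholder value, so the `{}` stays in the message literally; `LOG.error("Host check error", e);` logs the same stack trace without the stray braces. Because the exception is rethrown, any caller that also logs it will record each failed verification twice, which matters if these ERROR lines feed alerting on hostname-mismatch events. In the trace statement of the five-argument `check`, the format string lacks a comma after `CNs:{}` and a colon in `strictWithSubDomains{}`; `"Hosts:{}, CNs:{}, subjectAlts:{}, ie6:{}, strictWithSubDomains:{}"` would read consistently. In the call path visible here the CN and subjectAlt values come from the peer certificate (`Certificates.getCNs(cert)`), so they are untrusted text written to the log, and a comment such as `// values come from the peer certificate; treat as untrusted when parsing logs` (or escaping control characters first) would help. The first method's signature and the rest of the second method's body lie outside this hunk.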
|