首页 发现 帮助
登录
apache
/
zookeeper
镜像自地址 https://gitee.com/apache/zookeeper.git
2
0
派生 0
文件 工单管理 0 Wiki
浏览代码

ZOOKEEPER-2949: using hostname and port to create SSLEngine

If the server has more than one host name, and serve each host name with different certificates. then the ssl client must provide the server name in the ssl Hello packet, to tell the server which certificate to use.
This is especially important when the client connect to a load balancer with different backend services.

https://en.wikipedia.org/wiki/Server_Name_Indication

Author: f00231050 <shaobao.feng@huawei.com>

Reviewers: Andor Molnár <andor@cloudera.com>, Abraham Fine <afine@apache.org>

Closes #423 from abel-von/ZOOKEEPER-2949
Feng Shaobao 7 年之前
父节点
d1b07d588e
当前提交
66554218a5
共有 1 个文件被更改,包括 10 次插入2 次删除
合并视图 显示文件统计
  1. 10 2
      src/java/main/org/apache/zookeeper/ClientCnxnSocketNetty.java

+ 10 - 2
src/java/main/org/apache/zookeeper/ClientCnxnSocketNetty.java
查看文件 

@@ -112,7 +112,7 @@ public class ClientCnxnSocketNetty extends ClientCnxnSocket {
 
 
 
         ClientBootstrap bootstrap = new ClientBootstrap(channelFactory);
 
         ClientBootstrap bootstrap = new ClientBootstrap(channelFactory);
 
 
 
-        bootstrap.setPipelineFactory(new ZKClientPipelineFactory());
 
+        bootstrap.setPipelineFactory(new ZKClientPipelineFactory(addr.getHostString(), addr.getPort()));
 
         bootstrap.setOption("soLinger", -1);
 
         bootstrap.setOption("soLinger", -1);
 
         bootstrap.setOption("tcpNoDelay", true);
 
         bootstrap.setOption("tcpNoDelay", true);
 
 
 
@@ -340,6 +340,7 @@ public class ClientCnxnSocketNetty extends ClientCnxnSocket {
 
             return instance;
 
             return instance;
 
         }
 
         }
 
     }
 
     }
 
+
 
     /**
 
     /**
 
      * ZKClientPipelineFactory is the netty pipeline factory for this netty
 
      * ZKClientPipelineFactory is the netty pipeline factory for this netty
 
      * connection implementation.
 
      * connection implementation.
 
@@ -347,6 +348,13 @@ public class ClientCnxnSocketNetty extends ClientCnxnSocket {
 
     private class ZKClientPipelineFactory implements ChannelPipelineFactory {
 
     private class ZKClientPipelineFactory implements ChannelPipelineFactory {
 
         private SSLContext sslContext = null;
 
         private SSLContext sslContext = null;
 
         private SSLEngine sslEngine = null;
 
         private SSLEngine sslEngine = null;
 
+        private String host;
 
+        private int port;
 
+
 
+        public ZKClientPipelineFactory(String host, int port) {
 
+            this.host = host;
 
+            this.port = port;
 
+        }
 
 
 
         @Override
 
         @Override
 
         public ChannelPipeline getPipeline() throws Exception {
 
         public ChannelPipeline getPipeline() throws Exception {
 
@@ -363,7 +371,7 @@ public class ClientCnxnSocketNetty extends ClientCnxnSocket {
 
         private synchronized void initSSL(ChannelPipeline pipeline) throws SSLContextException {
 
         private synchronized void initSSL(ChannelPipeline pipeline) throws SSLContextException {
 
             if (sslContext == null || sslEngine == null) {
 
             if (sslContext == null || sslEngine == null) {
 
                 sslContext = X509Util.createSSLContext(clientConfig);
 
                 sslContext = X509Util.createSSLContext(clientConfig);
 
-                sslEngine = sslContext.createSSLEngine();
 
+                sslEngine = sslContext.createSSLEngine(host,port);
 
                 sslEngine.setUseClientMode(true);
 
                 sslEngine.setUseClientMode(true);
 
             }
 
             }
 
             pipeline.addLast("ssl", new SslHandler(sslEngine));
 
             pipeline.addLast("ssl", new SslHandler(sslEngine));