HADOOP-16718. Allow disabling Server Name Indication (SNI) for Jetty. Contributed by Aravindan Vijayan.

Signed-off-by: Wei-Chiu Chuang <weichiu@apache.org>
Reviewed-by: Siyao Meng <smeng@cloudera.com>
(cherry picked from commit f1ab7f18c4)
Aravindan Vijayan 2019-12-03 15:46:21 -08:00 committed by Wei-Chiu Chuang
parent c1ed247459
commit f0c1403ec3
3 changed files with 35 additions and 2 deletions


@ -148,6 +148,10 @@ public final class HttpServer2 implements FilterContainer {
public static final String FILTER_INITIALIZER_PROPERTY
= "hadoop.http.filter.initializers";
public static final String HTTP_SNI_HOST_CHECK_ENABLED_KEY
= "hadoop.http.sni.host.check.enabled";
public static final boolean HTTP_SNI_HOST_CHECK_ENABLED_DEFAULT = false;
// The ServletContext attribute where the daemon Configuration
// gets stored.
public static final String CONF_CONTEXT_ATTRIBUTE = "hadoop.conf";
@ -222,6 +226,8 @@ public final class HttpServer2 implements FilterContainer {
private boolean xFrameEnabled;
private XFrameOption xFrameOption = XFrameOption.SAMEORIGIN;
private boolean sniHostCheckEnabled;
public Builder setName(String name){
this.name = name;
return this;
@ -366,6 +372,17 @@ public final class HttpServer2 implements FilterContainer {
return this;
}
/**
* Enable or disable sniHostCheck.
*
* @param sniHostCheckEnabled Enable sniHostCheck if true, else disable it.
* @return Builder.
*/
public Builder setSniHostCheckEnabled(boolean sniHostCheckEnabled) {
this.sniHostCheckEnabled = sniHostCheckEnabled;
return this;
}
/**
* A wrapper of {@link Configuration#getPassword(String)}. It returns
* <code>String</code> instead of <code>char[]</code>.
@ -458,6 +475,13 @@ public final class HttpServer2 implements FilterContainer {
int backlogSize = conf.getInt(HTTP_SOCKET_BACKLOG_SIZE_KEY,
HTTP_SOCKET_BACKLOG_SIZE_DEFAULT);
// If setSniHostCheckEnabled() is used to enable SNI hostname check,
// configuration lookup is skipped.
if (!sniHostCheckEnabled) {
sniHostCheckEnabled = conf.getBoolean(HTTP_SNI_HOST_CHECK_ENABLED_KEY,
HTTP_SNI_HOST_CHECK_ENABLED_DEFAULT);
}
for (URI ep : endpoints) {
final ServerConnector connector;
String scheme = ep.getScheme();
@ -501,7 +525,8 @@ public final class HttpServer2 implements FilterContainer {
private ServerConnector createHttpsChannelConnector(
Server server, HttpConfiguration httpConfig) {
httpConfig.setSecureScheme(HTTPS_SCHEME);
httpConfig.addCustomizer(new SecureRequestCustomizer());
httpConfig.addCustomizer(
new SecureRequestCustomizer(sniHostCheckEnabled));
ServerConnector conn = createHttpChannelConnector(server, httpConfig);
SslContextFactory.Server sslContextFactory =
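Review bot: With `HTTP_SNI_HOST_CHECK_ENABLED_DEFAULT = false`, createHttpsChannelConnector now passes `false` to `SecureRequestCustomizer`, whereas the no-argument constructor it replaces, as far as I know, left Jetty's SNI host check on. Every HTTPS endpoint therefore runs without the check unless an operator opts back in, and that reason belongs next to the constant, for example `// Off by default: Jetty's check rejects requests whose host does not match the SNI-selected certificate.`. Separately, the `if (!sniHostCheckEnabled)` lookup cannot tell an explicit `setSniHostCheckEnabled(false)` from an unset builder, so a caller cannot switch the check off once the configuration enables it. Declaring the field as `private Boolean sniHostCheckEnabled;` and testing `if (sniHostCheckEnabled == null)` would keep the two cases apart. Both the method holding the lookup and createHttpsChannelConnector continue outside their hunks.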


@ -3239,4 +3239,12 @@
fs space usage statistics refresh jitter in msec.
</description>
</property>
<property>
<name>hadoop.http.sni.host.check.enabled</name>
<value>false</value>
<description>
Enable Server Name Indication (SNI) host check for HTTPS enabled server.
</description>
</property>
</configuration>
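Review bot: The `<description>` for `hadoop.http.sni.host.check.enabled` does not say what the check enforces or what an operator gives up with the shipped `false`. Wording such as `If true, the HTTPS server rejects requests whose host name does not match the certificate selected through SNI; false (the default) skips this check.` would let operators make the choice knowingly. The exact behaviour should be confirmed against the Jetty version in use before the text is committed.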


@ -201,6 +201,6 @@ public class TestCommonConfigurationFields extends TestConfigurationFieldsBase {
// - org.apache.hadoop.io.SequenceFile
xmlPropsToSkipCompare.add("io.seqfile.local.dir");
xmlPropsToSkipCompare.add("hadoop.http.sni.host.check.enabled");
}
}
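Review bot: The added `xmlPropsToSkipCompare.add("hadoop.http.sni.host.check.enabled")` sits directly under the `// - org.apache.hadoop.io.SequenceFile` comment, so the list reads as if the property belonged to SequenceFile. A comment naming its owner above the new line, for example `// - org.apache.hadoop.http.HttpServer2`, would keep the grouping accurate, since the key is declared in HttpServer2 in the first file of this commit. The enclosing method starts outside the hunk.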