HADOOP-16718. Allow disabling Server Name Indication (SNI) for Jetty. Contributed by Aravindan Vijayan.
Signed-off-by: Wei-Chiu Chuang <weichiu@apache.org> Reviewed-by: Siyao Meng <smeng@cloudera.com>
This commit is contained in:
parent
0c217feed8
commit
f1ab7f18c4
|
@ -154,6 +154,10 @@ public final class HttpServer2 implements FilterContainer {
|
|||
public static final String FILTER_INITIALIZER_PROPERTY
|
||||
= "hadoop.http.filter.initializers";
|
||||
|
||||
public static final String HTTP_SNI_HOST_CHECK_ENABLED_KEY
|
||||
= "hadoop.http.sni.host.check.enabled";
|
||||
public static final boolean HTTP_SNI_HOST_CHECK_ENABLED_DEFAULT = false;
|
||||
|
||||
// The ServletContext attribute where the daemon Configuration
|
||||
// gets stored.
|
||||
public static final String CONF_CONTEXT_ATTRIBUTE = "hadoop.conf";
|
||||
|
@ -233,6 +237,8 @@ public final class HttpServer2 implements FilterContainer {
|
|||
private boolean xFrameEnabled;
|
||||
private XFrameOption xFrameOption = XFrameOption.SAMEORIGIN;
|
||||
|
||||
private boolean sniHostCheckEnabled;
|
||||
|
||||
public Builder setName(String name){
|
||||
this.name = name;
|
||||
return this;
|
||||
|
@ -377,6 +383,17 @@ public final class HttpServer2 implements FilterContainer {
|
|||
return this;
|
||||
}
|
||||
|
||||
/**
|
||||
* Enable or disable sniHostCheck.
|
||||
*
|
||||
* @param sniHostCheckEnabled Enable sniHostCheck if true, else disable it.
|
||||
* @return Builder.
|
||||
*/
|
||||
public Builder setSniHostCheckEnabled(boolean sniHostCheckEnabled) {
|
||||
this.sniHostCheckEnabled = sniHostCheckEnabled;
|
||||
return this;
|
||||
}
|
||||
|
||||
/**
|
||||
* A wrapper of {@link Configuration#getPassword(String)}. It returns
|
||||
* <code>String</code> instead of <code>char[]</code>.
|
||||
|
@ -471,6 +488,13 @@ public final class HttpServer2 implements FilterContainer {
|
|||
int backlogSize = conf.getInt(HTTP_SOCKET_BACKLOG_SIZE_KEY,
|
||||
HTTP_SOCKET_BACKLOG_SIZE_DEFAULT);
|
||||
|
||||
// If setSniHostCheckEnabled() is used to enable SNI hostname check,
|
||||
// configuration lookup is skipped.
|
||||
if (!sniHostCheckEnabled) {
|
||||
sniHostCheckEnabled = conf.getBoolean(HTTP_SNI_HOST_CHECK_ENABLED_KEY,
|
||||
HTTP_SNI_HOST_CHECK_ENABLED_DEFAULT);
|
||||
}
|
||||
|
||||
for (URI ep : endpoints) {
|
||||
final ServerConnector connector;
|
||||
String scheme = ep.getScheme();
|
||||
|
@ -514,7 +538,8 @@ public final class HttpServer2 implements FilterContainer {
|
|||
private ServerConnector createHttpsChannelConnector(
|
||||
Server server, HttpConfiguration httpConfig) {
|
||||
httpConfig.setSecureScheme(HTTPS_SCHEME);
|
||||
httpConfig.addCustomizer(new SecureRequestCustomizer());
|
||||
httpConfig.addCustomizer(
|
||||
new SecureRequestCustomizer(sniHostCheckEnabled));
|
||||
ServerConnector conn = createHttpChannelConnector(server, httpConfig);
|
||||
|
||||
SslContextFactory.Server sslContextFactory =
|
||||
|
|
|
@ -3789,4 +3789,12 @@
|
|||
fs space usage statistics refresh jitter in msec.
|
||||
</description>
|
||||
</property>
|
||||
|
||||
<property>
|
||||
<name>hadoop.http.sni.host.check.enabled</name>
|
||||
<value>false</value>
|
||||
<description>
|
||||
Enable Server Name Indication (SNI) host check for HTTPS enabled server.
|
||||
</description>
|
||||
</property>
|
||||
</configuration>
|
||||
|
|
|
@ -226,6 +226,6 @@ public class TestCommonConfigurationFields extends TestConfigurationFieldsBase {
|
|||
// - org.apache.hadoop.io.SequenceFile
|
||||
xmlPropsToSkipCompare.add("io.seqfile.local.dir");
|
||||
|
||||
|
||||
xmlPropsToSkipCompare.add("hadoop.http.sni.host.check.enabled");
|
||||
}
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue