commit | adf086d54f85fa5321574300360f7fd86d47fe8b | [log] [tgz] |
---|---|---|
author | Rajan Dhabalia <rdhabalia@apache.org> | Sun May 17 05:14:36 2020 -0700 |
committer | GitHub <noreply@github.com> | Sun May 17 14:14:36 2020 +0200 |
tree | 1485513884fea757b8698c87a11672e100555b99 | |
parent | 27c32fc3eb54e9fe8ec1155f97f2f0079f5f716a [diff] |
[BOOKIE-MTLS] add support of hostname verification ### Motivation Right now, bookkeeper-client is not able to perform [hostname-verification](https://tersesystems.com/blog/2014/03/23/fixing-hostname-verification/) when it connects to broker over tls. Hostname-verification feature is already implemented in almost all [http-client](https://github.com/apache/httpcomponents-client/blob/master/httpclient5/src/main/java/org/apache/hc/client5/http/ssl/DefaultHostnameVerifier.java) but it's not supported by [netty](https://stackoverflow.com/questions/13315623/netty-ssl-hostname-verification-support) yet. therefore, client should be able to perform hostname-verification as per [RFC-2181](https://tools.ietf.org/html/rfc2818#section-3.1) ### Modifications - added client configuration to enable hostname-verification (default disable) - use [http-client](https://github.com/apache/httpcomponents-client/blob/master/httpclient5/src/main/java/org/apache/hc/client5/http/ssl/DefaultHostnameVerifier.java) but it's not supported by [netty](https://stackoverflow.com/questions/13315623/netty-ssl-hostname-verification-support) to perform hostname-validation rather adding custom logic. - add httpclient-apache dependency into LICENSE and NOTICE files. ### Result Bookkeeper client will be able to perform hostname verification while creating ssl session with bookie. Reviewers: Enrico Olivelli <eolivelli@gmail.com> This closes #2156 from rdhabalia/hostname
Apache BookKeeper is a scalable, fault tolerant and low latency storage service optimized for append-only workloads.
It is suitable for being used in following scenarios:
You can also read Turning Ledgers into Logs to learn how to turn ledgers into continuous log streams. If you are looking for a high level log stream API, you can checkout DistributedLog.
For filing bugs, suggesting improvements, or requesting new features, help us out by opening a Github issue or opening an Apache jira.
Subscribe or mail the user@bookkeeper.apache.org list - Ask questions, find answers, and also help other users.
Subscribe or mail the dev@bookkeeper.apache.org list - Join development discussions, propose new ideas and connect with contributors.
Join us on Slack - This is the most immediate way to connect with Apache BookKeeper committers and contributors.
We feel that a welcoming open community is important and welcome contributions.
See Developer Setup to get your local environment setup.
Take a look at our open issues: JIRA Issues Github Issues.
Review our coding style and follow our pull requests to learn about our conventions.
Make your changes according to our contribution guide.