Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

correctly install default ssl socket factory when no key or trust store #13589

Merged
merged 1 commit into from
Jul 18, 2024
Merged

correctly install default ssl socket factory when no key or trust store #13589

merged 1 commit into from
Jul 18, 2024

Conversation

zhtaoxiang
Copy link
Contributor

When changing the ssl context to be swappable, the logic of installing default ssl socket factory when no key or trust store was broken. Specifically, we can install default ssl socket factory when no key or trust store before changing the ssl context to be swappable, but cannot do it any more after the change.

This PR fixes the issue.

@codecov-commenter
Copy link

codecov-commenter commented Jul 11, 2024
edited
Loading

Codecov Report

Attention: Patch coverage is 36.36364% with 7 lines in your changes missing coverage. Please review.

Project coverage is 62.08%. Comparing base (59551e4) to head (7dfa63c).
Report is 750 commits behind head on master.

Files Patch % Lines
...va/org/apache/pinot/common/utils/tls/TlsUtils.java 36.36% 6 Missing and 1 partial ⚠️
Additional details and impacted files 
@@             Coverage Diff              @@
##             master   #13589      +/-   ##
============================================
+ Coverage     61.75%   62.08%   +0.32%     
+ Complexity      207      198       -9     
============================================
  Files          2436     2558     +122     
  Lines        133233   140972    +7739     
  Branches      20636    21869    +1233     
============================================
+ Hits          82274    87516    +5242     
- Misses        44911    46830    +1919     
- Partials       6048     6626     +578
Flag Coverage Δ
custom-integration1 <0.01% <0.00%> (-0.01%) ⬇️
integration <0.01% <0.00%> (-0.01%) ⬇️
integration1 <0.01% <0.00%> (-0.01%) ⬇️
integration2 0.00% <0.00%> (ø)
java-11 62.02% <36.36%> (+0.31%) ⬆️
java-21 61.96% <36.36%> (+0.34%) ⬆️
skip-bytebuffers-false 62.04% <36.36%> (+0.29%) ⬆️
skip-bytebuffers-true 61.94% <36.36%> (+34.21%) ⬆️
temurin 62.08% <36.36%> (+0.32%) ⬆️
unittests 62.07% <36.36%> (+0.32%) ⬆️
unittests1 46.67% <36.36%> (-0.22%) ⬇️
unittests2 27.64% <0.00%> (-0.09%) ⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

zhtaoxiang
zhtaoxiang commented Jul 12, 2024
View reviewed changes
pinot-common/src/test/java/org/apache/pinot/common/utils/tls/RenewableTlsUtilsTest.java
@@ -0,0 +1,367 @@
/**
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

note to reviewers: there is no logic change, just rename the file name

xiangfu0
xiangfu0 reviewed Jul 14, 2024
View reviewed changes
pinot-common/src/main/java/org/apache/pinot/common/utils/tls/TlsUtils.java
if (keyStorePath == null && trustStorePath == null) {
// When neither keyStorePath nor trustStorePath is provided, a SSLFactory cannot be created. create SSLContext
// directly and use the default key manager and trust manager.
sc = SSLContext.getInstance(SSL_CONTEXT_PROTOCOL);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is this guaranteed to be not null?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, the protocol SSL is valid, so SSLContext.getInstance(SSL_CONTEXT_PROTOCOL) is guaranteed to be not null

@gortiz gortiz merged commit 697f58c into apache:master Jul 18, 2024
20 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@xiangfu0 xiangfu0 xiangfu0 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@zhtaoxiang @codecov-commenter @xiangfu0 @gortiz