[Impala-ASF-CR] IMPALA-14452: Fix impala-shell SSL with Python 3.12

Fri, 17 Oct 2025 20:46:56 -0700 

Hello Laszlo Gaal, Csaba Ringhofer, Joe McDonnell, Impala Public Jenkins,

I'd like you to reexamine a change. Please visit

    http://gerrit.cloudera.org:8080/23519

to look at the new patch set (#11).

Change subject: IMPALA-14452: Fix impala-shell SSL with Python 3.12
......................................................................

IMPALA-14452: Fix impala-shell SSL with Python 3.12

Removes deprecated ImpalaHttpClient constructor that supported port and
path as it has been deprecated since at least 2020 and appears unused.

Removes cert_file and key_file as they were also never used, and if
required must now be passed in via ssl_context.

Updates TSSLSocket fixes for Thrift 0.16 and Python 3.12. _validate_cert
was removed by Thrift 0.16, but everything worked because Thrift used
ssl.match_hostname instead. With Python 3.12 we need to bypass matching
that fails because ssl.match_hostname no longer exists and let OpenSSL
handle verification.

Uses ssl.PROTOCOL_TLS and ssl.PROTOCOL_TLS_CLIENT when available to
avoid deprecation warnings. Python 2.7.9 and 3.2 are minimum required
versions; both have been EOL for several years.

Testing:
- ran custom_cluster/test_client_ssl.py on Ubuntu 24 with Python 3.12,
  OpenSSL 3.0.13.
- ran custom_cluster/test_client_ssl.py on RHEL 7.9 with Python 2.7.5
  and Python 3.6.8, OpenSSL 1.0.2k-fips.
- adds test that hostname checking is configured.

Change-Id: I046a9010ac4cb1f7d705935054b306cddaf8bdc7
---
M setup.cfg
M shell/impala_shell/ImpalaHttpClient.py
A shell/impala_shell/TSSLSocketWithFixes.py
D shell/impala_shell/TSSLSocketWithWildcardSAN.py
M shell/impala_shell/impala_client.py
M shell/impala_shell/impala_shell.py
M tests/custom_cluster/test_client_ssl.py
7 files changed, 101 insertions(+), 227 deletions(-)


  git pull ssh://gerrit.cloudera.org:29418/Impala-ASF refs/changes/19/23519/11
--
To view, visit http://gerrit.cloudera.org:8080/23519
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-Project: Impala-ASF
Gerrit-Branch: master
Gerrit-MessageType: newpatchset
Gerrit-Change-Id: I046a9010ac4cb1f7d705935054b306cddaf8bdc7
Gerrit-Change-Number: 23519
Gerrit-PatchSet: 11
Gerrit-Owner: Michael Smith <[email protected]>
Gerrit-Reviewer: Csaba Ringhofer <[email protected]>
Gerrit-Reviewer: Impala Public Jenkins <[email protected]>
Gerrit-Reviewer: Joe McDonnell <[email protected]>
Gerrit-Reviewer: Laszlo Gaal <[email protected]>
Gerrit-Reviewer: Michael Smith <[email protected]>

Reply via email to