[jira] [Commented] (NIFI-1907) SiteToSiteClient not properly using keystore and truststore properties

[ASF GitHub Bot (JIRA)]

    [ 
https://issues.apache.org/jira/browse/NIFI-1907?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15293533#comment-15293533
 ] 

ASF GitHub Bot commented on NIFI-1907:
--------------------------------------

GitHub user bbende opened a pull request:

    https://github.com/apache/nifi/pull/457

    NIFI-1907 Moving lazy init of SSLContext...

    to StandardSiteToSiteClientConfig rather than the builder.
    
    Tested secure SiteToSite still working between two NiFi nodes, and now 
example Storm topology can also connect to a secured NiFi instance.

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/bbende/nifi NIFI-1907

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/nifi/pull/457.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #457
    
----
commit 25bae0fd890b53f2f201d1e5475d5d0e1708580e
Author: Bryan Bende <bbe...@apache.org>
Date:   2016-05-20T15:15:36Z

    NIFI-1907 Moving lazy init of SSLContext to StandardSiteToSiteClientConfig 
rather than the builder

----


> SiteToSiteClient not properly using keystore and truststore properties
> ----------------------------------------------------------------------
>
>                 Key: NIFI-1907
>                 URL: https://issues.apache.org/jira/browse/NIFI-1907
>             Project: Apache NiFi
>          Issue Type: Bug
>    Affects Versions: 0.6.1
>            Reporter: Bryan Bende
>            Assignee: Bryan Bende
>             Fix For: 0.7.0
>
>
> SiteToSiteClient.Builder allows setting an SSLContext or setting all of the 
> individual SSL properties, it then has a method getSSLContext() which says 
> that if the sslContext is null return that, otherwise use the properties to 
> create one:
> https://github.com/apache/nifi/blob/e4b7e47836edf47042973e604005058c28eed23b/nifi-commons/nifi-site-to-site-client/src/main/java/org/apache/nifi/remote/client/SiteToSiteClient.java#L575
> The problem is this getSSLContext() is never called. When the builder's 
> build() method is called, it passes the builder to 
> StandardSiteToSiteClientConfig and just assigns all the member variables with 
> direct access:
> https://github.com/apache/nifi/blob/e4b7e47836edf47042973e604005058c28eed23b/nifi-commons/nifi-site-to-site-client/src/main/java/org/apache/nifi/remote/client/SiteToSiteClient.java#L722
> Later on in SocketClient it will call SiteToSiteClient.getSSLContext():
> https://github.com/apache/nifi/blob/e4b7e47836edf47042973e604005058c28eed23b/nifi-commons/nifi-site-to-site-client/src/main/java/org/apache/nifi/remote/client/socket/SocketClient.java#L52
> This will still be null here if only the SSL properties were initially 
> specified on the builder, and therefore won't end up creating an Https 
> connection and thus failing.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)