Kevin Doran created MINIFI-303:
----------------------------------
Summary: MiNiFi nifi.security.need.ClientAuth property not working
when set to false
Key: MINIFI-303
URL: https://issues.apache.org/jira/browse/MINIFI-303
Project: Apache NiFi MiNiFi
Issue Type: Bug
Components: Agent Configuration/Installation, C++
Reporter: Kevin Doran
Assignee: Kevin Doran
Priority: Minor
The property {{nifi.security.need.ClientAuth=false}} has no effect (ie, the
application will operate as if {{nifi.security.need.ClientAuth=true}}
Steps to reproduce:
In {{conf/minifi.properties}}, set:
{noformat}
nifi.security.need.ClientAuth=false
{noformat}
At runtime, observe in {{minifi-app.log.txt}}:
{noformat}
[2017-05-08 11:21] [minifi log] [error] Certificate and Private Key PEM file
not configured, error: Undefined error: 0.
{noformat}
At a quick glance, it looks like this is a bug in the logic in
{{nifi-minifi-cpp/libminifi/src/io/tls/TLSSocket.cpp}}. In that file, back
tracing from the error string, it appears the conditional that gates loading
the Certificate and Private Key PEM file properties is incorrect when
{{nifi.security.need.ClientAuth=false}}.
Should be a simple fix, and it's not clear to me if there is even any
functionality impact, ie, its possible that trying and failing to authenticate
the client results in the same end state as not trying to authenticate the
client (aside from the confusing error message).
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
