[
https://issues.apache.org/jira/browse/MINIFI-303?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16000990#comment-16000990
]
marco polo commented on MINIFI-303:
-----------------------------------
That class had a lot of copy and paste from the original code so some of these
assumptions still exist. I'm not sure if that setting is useful. If you fix it,
does openssl function as intended? if not, then there is no need for that
option.
> MiNiFi nifi.security.need.ClientAuth property not working when set to false
> ---------------------------------------------------------------------------
>
> Key: MINIFI-303
> URL: https://issues.apache.org/jira/browse/MINIFI-303
> Project: Apache NiFi MiNiFi
> Issue Type: Bug
> Components: Agent Configuration/Installation, C++
> Reporter: Kevin Doran
> Assignee: Kevin Doran
> Priority: Minor
>
> The property {{nifi.security.need.ClientAuth=false}} has no effect (ie, the
> application will operate as if {{nifi.security.need.ClientAuth=true}}
> Steps to reproduce:
> In conf/minifi.properties, set:
> {noformat}
> nifi.security.need.ClientAuth=false
> {noformat}
> At runtime, observe in minifi-app.log.txt:
> {noformat}
> [2017-05-08 11:21] [minifi log] [error] Certificate and Private Key PEM file
> not configured, error: Undefined error: 0.
> {noformat}
> At a quick glance, it looks like this is a bug in the logic in
> nifi-minifi-cpp/libminifi/src/io/tls/TLSSocket.cpp. In that file, back
> tracing from the error string, it appears the conditional that gates loading
> the Certificate and Private Key PEM file properties is incorrect when
> nifi.security.need.ClientAuth=false.
> Should be a simple fix, and it's not clear to me if there is even any
> functionality impact, ie, its possible that trying and failing to
> authenticate the client results in the same end state as not trying to
> authenticate the client (aside from the confusing error message).
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
