[jira] [Commented] (MINIFI-303) MiNiFi nifi.security.need.ClientAuth property not working when set to false

Mon, 08 May 2017 09:10:01 -0700 

    [ 
https://issues.apache.org/jira/browse/MINIFI-303?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16001001#comment-16001001
 ] 

Kevin Doran commented on MINIFI-303:
------------------------------------

[~phrocker] - good point, I had not considered that. I will investigate and if, 
as you suggest, the proper logic needed for nifi.security.need.ClientAuth=false 
results in missing required inputs to setup other components, then I will 
instead resolve this ticket by removing this option and updating the README to 
include setting a client key as a required step.

> MiNiFi nifi.security.need.ClientAuth property not working when set to false
> ---------------------------------------------------------------------------
>
>                 Key: MINIFI-303
>                 URL: https://issues.apache.org/jira/browse/MINIFI-303
>             Project: Apache NiFi MiNiFi
>          Issue Type: Bug
>          Components: Agent Configuration/Installation, C++
>            Reporter: Kevin Doran
>            Assignee: Kevin Doran
>            Priority: Minor
>
> The property {{nifi.security.need.ClientAuth=false}} has no effect (ie, the 
> application will operate as if {{nifi.security.need.ClientAuth=true}}
> Steps to reproduce:
> In conf/minifi.properties, set:
> {noformat}
> nifi.security.need.ClientAuth=false
> {noformat}
> At runtime, observe in minifi-app.log.txt:
> {noformat}
> [2017-05-08 11:21] [minifi log] [error] Certificate and Private Key PEM file
>  not configured, error: Undefined error: 0.
> {noformat}
> At a quick glance, it looks like this is a bug in the logic in 
> nifi-minifi-cpp/libminifi/src/io/tls/TLSSocket.cpp. In that file, back 
> tracing from the error string, it appears the conditional that gates loading 
> the Certificate and Private Key PEM file properties is incorrect when 
> nifi.security.need.ClientAuth=false. 
> Should be a simple fix, and it's not clear to me if there is even any 
> functionality impact, ie, its possible that trying and failing to 
> authenticate the client results in the same end state as not trying to 
> authenticate the client (aside from the confusing error message).



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

Reply via email to