This is an automated email from the ASF dual-hosted git repository.
houston pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/solr.git
The following commit(s) were added to refs/heads/main by this push:
new b070b5c1915 SOLR-16669: Fix default checkPeerName in Http2SolrClient
(#1367)
b070b5c1915 is described below
commit b070b5c19159962f77017901a0fcf03afac01a66
Author: Houston Putman <[email protected]>
AuthorDate: Thu Feb 23 00:55:59 2023 -0800
SOLR-16669: Fix default checkPeerName in Http2SolrClient (#1367)
---
solr/CHANGES.txt | 2 ++
.../modules/upgrade-notes/pages/major-changes-in-solr-9.adoc | 4 ++++
.../src/java/org/apache/solr/client/solrj/impl/Http2SolrClient.java | 5 +----
3 files changed, 7 insertions(+), 4 deletions(-)
diff --git a/solr/CHANGES.txt b/solr/CHANGES.txt
index f132187e6c5..d20115bca00 100644
--- a/solr/CHANGES.txt
+++ b/solr/CHANGES.txt
@@ -223,6 +223,8 @@ Bug Fixes
* SOLR-16668: Use default to Java SSL for Http2SolrClient when none is
provided (Houston Putman)
+* SOLR-16669: Http2SolrClient now defaults checkPeerName to True, as the
documentation specified (Houston Putman)
+
Build
---------------------
* Upgrade forbiddenapis to 3.4 (Uwe Schindler)
diff --git
a/solr/solr-ref-guide/modules/upgrade-notes/pages/major-changes-in-solr-9.adoc
b/solr/solr-ref-guide/modules/upgrade-notes/pages/major-changes-in-solr-9.adoc
index 0fe8d6e7cc7..d549c39ab6d 100644
---
a/solr/solr-ref-guide/modules/upgrade-notes/pages/major-changes-in-solr-9.adoc
+++
b/solr/solr-ref-guide/modules/upgrade-notes/pages/major-changes-in-solr-9.adoc
@@ -76,6 +76,10 @@ This is an improvement to the binary release artifact, but
Jetty does not allow
The `server/contexts/solr-jetty-context.xml` now explicitly removes these
restrictions, allowing Solr to share these "server" jars which now live in
`server/lib/ext`.
* The "Transient Cores" feature is now deprecated.
+=== SSL Configuration
+* When using Solr (or SolrJ) with an SSL-enabled Solr cluster using HTTP2, the
default `-Dsolr.ssl.checkPeerName` value is now *true*.
+This is what has been documented in
xref:deployment-guide:enabling-ssl.adoc#start-solrcloud[Enabling SSL], and
matches the functionality of the original `HttpSolrClient`.
+
=== Tracing
* A new `opentelemetry` module is added, with support for OTEL tracing in
`OTLP` format using gRPC.
At the same time, the `jaegertracer-configurator` module is deprecated for
removal in Solr 10.
diff --git
a/solr/solrj/src/java/org/apache/solr/client/solrj/impl/Http2SolrClient.java
b/solr/solrj/src/java/org/apache/solr/client/solrj/impl/Http2SolrClient.java
index 7ddd5413610..91cfe4a119b 100644
--- a/solr/solrj/src/java/org/apache/solr/client/solrj/impl/Http2SolrClient.java
+++ b/solr/solrj/src/java/org/apache/solr/client/solrj/impl/Http2SolrClient.java
@@ -1241,10 +1241,7 @@ public class Http2SolrClient extends SolrClient {
/* package-private for testing */
static SslContextFactory.Client getDefaultSslContextFactory() {
String checkPeerNameStr =
System.getProperty(HttpClientUtil.SYS_PROP_CHECK_PEER_NAME);
- boolean sslCheckPeerName = true;
- if (checkPeerNameStr == null ||
"false".equalsIgnoreCase(checkPeerNameStr)) {
- sslCheckPeerName = false;
- }
+ boolean sslCheckPeerName = !"false".equalsIgnoreCase(checkPeerNameStr);
SslContextFactory.Client sslContextFactory = new
SslContextFactory.Client(!sslCheckPeerName);
