Larry McCay created KNOX-1346:
---------------------------------
Summary: SNI Mismatch Failures due to Wrong Host Header
Key: KNOX-1346
URL: https://issues.apache.org/jira/browse/KNOX-1346
Project: Apache Knox
Issue Type: Bug
Components: Server
Reporter: Larry McCay
Assignee: Larry McCay
Fix For: 1.1.0

It has come to my attention that proxying various services is failing when
access to the backend service is over TLS due to an SNI Mismatch. This is due
to the Host header not matching the Server Name Indicator (SNI).

We have been doing a combination of excluding the Host header from being
dispatched to some services while sending a Host header that was what the
client used to call Knox gateway. Both of these conditions are violations of
the SNI rules. I think that recent Jetty upgrades may have introduced
enforcement of these rules where it didn't exist previously.

This change changes the Host header to be the host of the targetUrl within the
UrlRewriteRequest. This should always be correct.

It will also remove the recent update to the AtlasHaDispatch to allow the
Host header to be sent again in order to avoid issues with it missing.
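
The Host/SNI relationship described in the issue, as an added Java example that is not Apache Knox code and not part of the original message: it derives the outbound Host header from the backend target URL instead of forwarding or dropping the client's Host, and checks whether a given Host value names the same host a TLS client would use for SNI. The class name, method names, and the sample hostnames are assumptions made for illustration.

```java
import java.net.URI;
import java.util.LinkedHashMap;
import java.util.Map;

// Added illustration; not Apache Knox code. Class and method names are hypothetical.
public class HostHeaderExample {

    // Host header value for a backend URL: host, plus port only when it is not the scheme default.
    static String hostHeaderFor(URI target) {
        String host = target.getHost();            // IPv6 literals keep their brackets
        if (host == null) throw new IllegalArgumentException("no host in " + target);
        int port = target.getPort();               // -1 when the URL has no explicit port
        boolean isDefault = port == -1
                || ("https".equalsIgnoreCase(target.getScheme()) && port == 443)
                || ("http".equalsIgnoreCase(target.getScheme()) && port == 80);
        return isDefault ? host : host + ":" + port;
    }

    // Copy client headers for dispatch, replacing any Host with one derived from the target URL.
    static Map<String, String> outboundHeaders(Map<String, String> clientHeaders, URI target) {
        Map<String, String> out = new LinkedHashMap<>();
        clientHeaders.forEach((k, v) -> { if (!"host".equalsIgnoreCase(k)) out.put(k, v); });
        out.put("Host", hostHeaderFor(target));
        return out;
    }

    // True when the Host header names the same host the TLS client would put in SNI (the URL host).
    static boolean hostMatchesSni(String hostHeader, URI target) {
        if (hostHeader == null) return false;      // a missing Host header cannot match
        String h = hostHeader.trim();
        int colon = h.lastIndexOf(':');
        if (colon > h.lastIndexOf(']')) h = h.substring(0, colon);   // strip port, keep [IPv6]
        return h.equalsIgnoreCase(target.getHost());
    }

    public static void main(String[] args) {
        // Constructed sample values: a backend URL and the headers a client sent to the gateway.
        URI target = URI.create("https://backend.example.internal:21443/api/resource");
        Map<String, String> client = new LinkedHashMap<>();
        client.put("Host", "gateway.example.com:8443");
        client.put("Accept", "application/json");

        System.out.println("forwarded client Host matches SNI: "
                + hostMatchesSni(client.get("Host"), target));
        Map<String, String> out = outboundHeaders(client, target);
        System.out.println("dispatched Host: " + out.get("Host"));
        System.out.println("rewritten Host matches SNI: " + hostMatchesSni(out.get("Host"), target));
    }
}
```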