[
https://issues.apache.org/jira/browse/SOLR-5868?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13936381#comment-13936381
]
Steve Davids commented on SOLR-5868:
------------------------------------
In the current HttpClientUtil paradigm this can be achieved by retrieving the
url scheme and setting the hostname verifier on the SSLSocketFactory:
https://gist.github.com/sdavids13/9577027
If the HTTPClientBuilder approach is introduced (SOLR-5604) then it can be
simply done via:
{code}
HttpClientBuilder.create().useSystemProperties().setHostnameVerifier(new
AllowAllHostnameVerifier())...;
{code}
> HttpClient should be configured to use ALLOW_ALL_HOSTNAME hostname verifier
> to simplify SSL setup
> -------------------------------------------------------------------------------------------------
>
> Key: SOLR-5868
> URL: https://issues.apache.org/jira/browse/SOLR-5868
> Project: Solr
> Issue Type: Improvement
> Affects Versions: 4.7
> Reporter: Steve Davids
> Fix For: 4.8
>
>
> The default HttpClient hostname verifier is the
> BROWSER_COMPATIBLE_HOSTNAME_VERIFIER which verifies the hostname that is
> being connected to matches the hostname presented within the certificate.
> This is meant to protect clients that are making external requests out across
> the internet, but requests within the the SOLR cluster should be trusted and
> can be relaxed to simplify the SSL/certificate setup process.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
