[ https://issues.apache.org/jira/browse/SOLR-9304?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Shawn Heisey updated SOLR-9304:
-------------------------------
Attachment: SOLR-9304.patch
With some help from [~hossman], I was able to eliminate the deprecated code.
Apparently directly setting things like the hostname verifier can be overridden
by other configuration, particularly by setting an SSL context. I didn't see
that being done in the code, but it's something that could be added later.
I did put nocommit in the patch -- I think we need a test that can verify that
disabling hostname verification with a sysprop actually works.
> -Dsolr.ssl.checkPeerName=false ignored on master
> ------------------------------------------------
>
> Key: SOLR-9304
> URL: https://issues.apache.org/jira/browse/SOLR-9304
> Project: Solr
> Issue Type: Bug
> Security Level: Public(Default Security Level. Issues are Public)
> Affects Versions: 7.0
> Reporter: Hoss Man
> Attachments: SOLR-9304-uses-deprecated.patch, SOLR-9304.patch
>
>
> {{-Dsolr.ssl.checkPeerName=false}} is completely ignored on master...
> {noformat}
> hossman@tray:~/lucene/dev/solr [master] $ find -name \*.java | xargs grep checkPeerName
> ./solrj/src/java/org/apache/solr/client/solrj/impl/HttpClientUtil.java: public static final String SYS_PROP_CHECK_PEER_NAME = "solr.ssl.checkPeerName";
> hossman@tray:~/lucene/dev/solr [master] $ find -name \*.java | xargs grep SYS_PROP_CHECK_PEER_NAME
> ./test-framework/src/java/org/apache/solr/util/SSLTestConfig.java: boolean sslCheckPeerName = toBooleanDefaultIfNull(toBooleanObject(System.getProperty(HttpClientUtil.SYS_PROP_CHECK_PEER_NAME)), true);
> ./solrj/src/java/org/apache/solr/client/solrj/impl/HttpClientUtil.java: public static final String SYS_PROP_CHECK_PEER_NAME = "solr.ssl.checkPeerName";
> {noformat}
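
An added example, not the attached patch and not Solr's code: one way a client could read the property at build time, bind the resulting hostname verifier to the socket factory together with the SSL context, and self-check that the property changes the outcome. It assumes Apache HttpClient 4.4 or later on the classpath; the class name, the method names and the rule that only the literal value "false" disables the check are assumptions made for this illustration.

```java
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLContext;
import org.apache.http.conn.ssl.DefaultHostnameVerifier;
import org.apache.http.conn.ssl.NoopHostnameVerifier;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.ssl.SSLContexts;

// Hypothetical helper for illustration; not taken from HttpClientUtil.
public class PeerNameCheckExample {
    // Same property name as the constant quoted in the issue.
    static final String SYS_PROP_CHECK_PEER_NAME = "solr.ssl.checkPeerName";

    // Verification stays on unless the property is explicitly "false"
    // (assumed parsing rule: unset, "true" and unparsable values all enforce).
    static HostnameVerifier verifierFromSysProp() {
        String raw = System.getProperty(SYS_PROP_CHECK_PEER_NAME);
        boolean check = raw == null || !"false".equalsIgnoreCase(raw.trim());
        return check ? new DefaultHostnameVerifier() : NoopHostnameVerifier.INSTANCE;
    }

    // The verifier is passed to the socket factory along with the SSLContext,
    // so the two are configured in one place and travel together.
    static CloseableHttpClient buildClient(SSLContext ctx) {
        SSLConnectionSocketFactory sf =
            new SSLConnectionSocketFactory(ctx, verifierFromSysProp());
        return HttpClients.custom().setSSLSocketFactory(sf).build();
    }

    public static void main(String[] args) throws Exception {
        // Constructed inputs: unset, both booleans, and a value that does not parse.
        String[] values = {null, "true", "false", "garbage"};
        for (String v : values) {
            if (v == null) System.clearProperty(SYS_PROP_CHECK_PEER_NAME);
            else System.setProperty(SYS_PROP_CHECK_PEER_NAME, v);
            boolean enforced = !(verifierFromSysProp() instanceof NoopHostnameVerifier);
            System.out.println(SYS_PROP_CHECK_PEER_NAME + "=" + v + " -> enforced=" + enforced);
            // Only the literal "false" may switch the check off.
            if (enforced == "false".equals(v)) {
                throw new AssertionError("unexpected verifier for value: " + v);
            }
        }
        System.clearProperty(SYS_PROP_CHECK_PEER_NAME);
        // Building a client with the system default context exercises the wiring.
        try (CloseableHttpClient client = buildClient(SSLContexts.createSystemDefault())) {
            System.out.println("client built: " + (client != null));
        }
    }
}
```

This check only shows which verifier was selected; confirming the behaviour on a live connection still needs a test against a server whose certificate name does not match.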