Ok, after more digging around I found this: https://issues.apache.org/jira/browse/SOLR-9304
This answers my first question. Currently (7x) there is no way to turn on/off SSL hostname verification. That may be good or it may be bad depending on how you view hostname verification.

The answer to question two, I believe, is that it's always on in 7x.

Joel Bernstein
http://joelsolr.blogspot.com/

On Wed, Dec 13, 2017 at 1:57 PM, Joel Bernstein <[email protected]> wrote:

> I'm looking for how SSL hostname verification can be turned off and on in
> Solr and I have been confused by the startup parameter:
>
> -Dsolr.ssl.checkPeerName=false.
>
> From what I can see this parameter sets the value for:
> HttpClientUtil.SYS_PROP_CHECK_PEER_NAME.
>
> This property appears to only be used in the test framework though,
> specifically in the: SSLTestConfig
>
> So it appears that -Dsolr.ssl.checkPeerName=false has no effect on a
> running Solr instance.
>
> But the documentation says the following:
>
> "If you created your SSL key without all DNS names/IP addresses on which
> Solr nodes will run, you can tell Solr to skip hostname verification for
> inter-Solr-node communications by setting the solr.ssl.checkPeerName system
> property to false"
>
> So the documentation appears to be incorrect.
>
> This brings up two questions:
>
> Does anyone know if there is a way to turn off and on SSL hostname
> verification in Solr?
>
> Does anyone know what the default behavior for SSL hostname verification
> is in Solr?
>
> Joel Bernstein
> http://joelsolr.blogspot.com/
