[ https://issues.apache.org/jira/browse/SOLR-12354?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16499068#comment-16499068 ]
Lucene/Solr QA commented on SOLR-12354: --------------------------------------- | (x) *{color:red}-1 overall{color}* | \\ \\ || Vote || Subsystem || Runtime || Comment || | {color:red}-1{color} | {color:red} patch {color} | {color:red} 0m 6s{color} | {color:red} SOLR-12354 does not apply to master. Rebase required? Wrong Branch? See https://wiki.apache.org/solr/HowToContribute#Creating_the_patch_file for help. {color} | \\ \\ || Subsystem || Report/Notes || | JIRA Issue | SOLR-12354 | | JIRA Patch URL | https://issues.apache.org/jira/secure/attachment/12926081/SOLR-12354.patch | | Console output | https://builds.apache.org/job/PreCommit-SOLR-Build/110/console | | Powered by | Apache Yetus 0.7.0 http://yetus.apache.org | This message was automatically generated. > org.apache.solr.security.PKIAuthenticationPlugin does not check response code > when retrieving remotePublicKey > ------------------------------------------------------------------------------------------------------------- > > Key: SOLR-12354 > URL: https://issues.apache.org/jira/browse/SOLR-12354 > Project: Solr > Issue Type: Bug > Security Level: Public(Default Security Level. Issues are Public) > Components: Authentication > Affects Versions: 6.6.2, 6.6.3 > Reporter: hamada > Assignee: Noble Paul > Priority: Major > Attachments: SOLR-12354.patch > > > in decipherHeader(), if keyCache does not contain the key of interest, then a > remote call is made to retrieve the key from the remote host, by calling > getRemotePublicKey, which fails if the server returns an html error page. > e.g.: > org.noggit.JSONParser$ParseException: JSON Parse Error: char=<,position=0 > BEFORE='<' AFTER='html> <head> <meta http-equiv="Content-' at > org.noggit.JSONParser.err(JSONParser.java:356) ~[noggit-0.6.jar:?] at > org.noggit.JSONParser.handleNonDoubleQuoteString(JSONParser.java:712) > ~[noggit-0.6.jar:?] at org.noggit.JSONParser.next(JSONParser.java:886) > ~[noggit-0.6.jar:?] at org.noggit.JSONParser.nextEvent(JSONParser.java:930) > ~[noggit-0.6.jar:?] at org.noggit.ObjectBuilder.<init>(ObjectBuilder.java:44) > ~[noggit-0.6.jar:?] at org.noggit.ObjectBuilder.getVal(ObjectBuilder.java:37) > ~[noggit-0.6.jar:?] -- This message was sent by Atlassian JIRA (v7.6.3#76005) --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org For additional commands, e-mail: dev-h...@lucene.apache.org