GitHub user alopresto opened a pull request:
https://github.com/apache/nifi/pull/611
NIFI-2119 Fixed 0.7.0 release blocker for cluster secure communications
The client and server sockets were being treated the same when attempting
to extract the peer certificate DN (server sockets should not be subject to the
influence of `nifi.security.needClientAuth` in `nifi.properties`).
This has been tested on 2- and 3-node clusters with `needClientAuth` set to
both *true* and *false*.
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/alopresto/nifi NIFI-2119
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/nifi/pull/611.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #611
----
commit 361e07a78cd0abd52b5ab144b7cdeba60af17ede
Author: Andy LoPresto <[email protected]>
Date: 2016-07-05T04:05:58Z
NIFI-2119 Refactored CertificateUtils to separate logic for DN extraction
from server/client sockets. Added logic to detect server/client mode
encapsulated in exposed method.
Added unit tests for DN extraction.
Corrected typo in Javadoc.
commit bed4bb3046e97aa719624df846a2c2b86015fe6d
Author: Andy LoPresto <[email protected]>
Date: 2016-07-06T17:05:44Z
NIFI-2119 Switched server/client socket logic for certificate extraction --
when the local socket is in client/server mode, the peer is necessarily the
inverse.
Fixed unit tests.
Moved lazy-loading authentication access out of isDebugEnabled() control
branch.
----
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at [email protected] or file a JIRA ticket
with INFRA.
---
