Peter Turcsanyi created RANGER-4776:
---------------------------------------
Summary: SolrAuditDestination should use local SSLContext instead
of setting the system-wide default
Key: RANGER-4776
URL: https://issues.apache.org/jira/browse/RANGER-4776
Project: Ranger
Issue Type: Bug
Components: audit, plugins
Reporter: Peter Turcsanyi
SolrAuditDestination in Ranger Plugin connects to Solr via HTTPS. As part of
the SSL setup, [SolrAuditDestination overrides the system default
SSLContext|https://github.com/apache/ranger/blob/f3637ac0bb35b213cfed11e5ffe14d93268bc4fa/agents-audit/src/main/java/org/apache/ranger/audit/destination/SolrAuditDestination.java#L135]
with Ranger's keystore/truststore.
It has a side effect that other components in the embedding application (within
the same JVM) cannot use the original Java system truststore (cacerts) by
default.
The Solr HTTP client provides an option to set the SSL context locally (that is
for the Solr client only) instead of using the system-wide default and this
would be the preferred way to pass the SSL context in, without affecting other
components in the JVM.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
