[
https://issues.apache.org/jira/browse/NIFI-2186?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15372118#comment-15372118
]
ASF GitHub Bot commented on NIFI-2186:
--------------------------------------
Github user mcgilman commented on the issue:
https://github.com/apache/nifi/pull/622
Looks good @alopresto! Thanks, this has been merged to master.
> Cluster communication treats client and server sockets identically for peer
> certificate DN extraction
> -----------------------------------------------------------------------------------------------------
>
> Key: NIFI-2186
> URL: https://issues.apache.org/jira/browse/NIFI-2186
> Project: Apache NiFi
> Issue Type: Bug
> Components: Core Framework
> Affects Versions: 1.0.0
> Reporter: Andy LoPresto
> Assignee: Andy LoPresto
> Priority: Critical
> Labels: certificate, cluster, security, tls
> Fix For: 1.0.0
>
>
> The code to extract the peer certificate DN is identical for client and
> server {{SSLSocket}}, which means that servers are subject to the
> {{nifi.security.needClientAuth}} setting being set to {{true}}. Server
> certificates must be present in a secure connection regardless of this
> setting. This was fixed in {{0.x}} in [NIFI-2119] and must be ported to the
> {{master}} branch.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
