[
https://issues.apache.org/jira/browse/NIFI-2186?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15373381#comment-15373381
]
Joseph Witt commented on NIFI-2186:
-----------------------------------
[~mcgilman] can this be closed?
> Cluster communication treats client and server sockets identically for peer
> certificate DN extraction
> -----------------------------------------------------------------------------------------------------
>
> Key: NIFI-2186
> URL: https://issues.apache.org/jira/browse/NIFI-2186
> Project: Apache NiFi
> Issue Type: Bug
> Components: Core Framework
> Affects Versions: 1.0.0
> Reporter: Andy LoPresto
> Assignee: Andy LoPresto
> Priority: Critical
> Labels: certificate, cluster, security, tls
> Fix For: 1.0.0
>
>
> The code to extract the peer certificate DN is identical for client and
> server {{SSLSocket}}, which means that servers are subject to the
> {{nifi.security.needClientAuth}} setting being set to {{true}}. Server
> certificates must be present in a secure connection regardless of this
> setting. This was fixed in {{0.x}} in [NIFI-2119] and must be ported to the
> {{master}} branch.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
