[
https://issues.apache.org/jira/browse/NIFI-8057?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17243317#comment-17243317
]
David Handermann commented on NIFI-8057:
----------------------------------------
That makes sense. For the particular issue with the ListenGRPC Processor, the
previous behavior can be restored by refactoring to remove the call to
createSslContext() and removing the unnecessary references to
SSLContext.getProvider(), without changing the behavior of
SslContextFactory.createSslContext().
[~joewitt] Do you recommend addressing issues with other Processors under this
issue, or creating a new issue for each Processor impacted?
> Remove truststore check from SslContextFactory.createSslContext()
> -----------------------------------------------------------------
>
> Key: NIFI-8057
> URL: https://issues.apache.org/jira/browse/NIFI-8057
> Project: Apache NiFi
> Issue Type: Bug
> Affects Versions: 1.12.0, 1.12.1
> Reporter: Peter Turcsanyi
> Priority: Major
>
> NIFI-7407 introduced a check in {{SslContextFactory.createSslContext()}}: if
> KS is configured, then TS must be configured too
> ([https://github.com/apache/nifi/blob/857eeca3c7d4b275fd698430594e7fae4864feff/nifi-commons/nifi-security-utils/src/main/java/org/apache/nifi/security/util/SslContextFactory.java#L79])
> This constraint is too strict for server-style processors (like ListenGRPC)
> where only a KS is needed for 1-way SSL (and the presence of TS turns on
> 2-way SSL).
> The check should be removed/relieved.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
