[
https://issues.apache.org/jira/browse/NIFI-8096?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
David Handermann updated NIFI-8096:
-----------------------------------
Status: Patch Available (was: In Progress)
> Deprecate ClientAuth References in SslContextFactory and SSLContextService
> --------------------------------------------------------------------------
>
> Key: NIFI-8096
> URL: https://issues.apache.org/jira/browse/NIFI-8096
> Project: Apache NiFi
> Issue Type: Improvement
> Components: Core Framework, Extensions, Security
> Affects Versions: 1.12.1
> Reporter: David Handermann
> Assignee: David Handermann
> Priority: Minor
> Labels: security
> Time Spent: 10m
> Remaining Estimate: 0h
>
> {{SslContextFactory}} in nifi-security-utils and {{SSLContextService}} in
> nifi-ssl-context-service-api include methods for creating an {{SSLContext}}
> based on a {{ClientAuth}} parameter. The
> {{SslContextFactory.initializeSSLContext()}} method calls
> {{setNeedClientAuth}} or {{setWantClientAuth}} on the default
> {{SSLParameters}} object according to the {{ClientAuth}} value provided.
> The default {{SSLParameters}} object returned from
> {{SSLContext.getDefaultSSLParameters()}} is a new copy for each invocation,
> which means that the value of {{ClientAuth}} passed to {{SslContextFactory}}
> does not influence whether client certificates will be required or requested.
> For this reason, the methods on {{SslContetFactory}} and
> {{SSLContextService}} that accept a ClientAuth parameter should be deprecated
> and references to these methods should be refactored.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
