exceptionfactory commented on a change in pull request #4737:
URL: https://github.com/apache/nifi/pull/4737#discussion_r552900595
##########
File path:
nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/ListenHTTP.java
##########
@@ -193,7 +193,7 @@
.description("Client Authentication policy for TLS connections.
Required when SSL Context Service configured.")
.required(false)
.allowableValues(ClientAuth.values())
- .defaultValue(ClientAuth.REQUIRED.name())
Review comment:
Previous behavior inferred requiring a client certificate when the
`SSLContextService` was configured with trust store properties, falling back to
wanting a client certificate in the absence of trust store properties. Making
`REQUIRED` the default value going forward sounds like the best approach.
Perhaps putting a comment in future release notes indicating this change in
behavior would be worthwhile for users of `ListenHTTP` who do not require
clients to provide certificates.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
