[
https://issues.apache.org/jira/browse/NIFI-13962?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
David Handermann resolved NIFI-13962.
-------------------------------------
Resolution: Fixed
Please see the discussion on NIFI-7064 for the reasons related to removing the
trusted hostname property from InvokeHTTP.
At this time, this type of change will not be considered for inclusion due to
the inherent security risks associated with bypass TLS certificate verification.
> Overrride trusted hostname verification
> ----------------------------------------
>
> Key: NIFI-13962
> URL: https://issues.apache.org/jira/browse/NIFI-13962
> Project: Apache NiFi
> Issue Type: Improvement
> Components: Extensions
> Reporter: Pedro Oliveira
> Priority: Major
> Time Spent: 1h
> Remaining Estimate: 0h
>
> Add a property "Trusted Hostname" to the configuration of the
> StandardSSLContextService Controller Service to allow to override the trusted
> hostname verification on the establishment of the HTTP connection to the HTTP
> server.
> This property if not empty should be set with the hostname and will be used
> to validate the hostname in the certificate.
> The property is need because there are situations in which the hostname in
> the certificate is different from the hostname of the server.
> This occurs when the server returns a certificate with an old hostname
> because it is not possible to generate a new certificate with the actual
> hostname.
> This property existed in NiFi old versions (<1.14) in the configuration of
> the processor InvokeHTTP but was removed in later versions.
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
