Github user JPercivall commented on a diff in the pull request:
https://github.com/apache/nifi/pull/2113#discussion_r175304809
--- Diff:
nifi-nar-bundles/nifi-elasticsearch-bundle/nifi-elasticsearch-client-service/src/main/java/org/apache/nifi/elasticsearch/ElasticSearchClientServiceImpl.java
---
@@ -121,7 +119,7 @@ private void setupClient(ConfigurationContext context)
throws Exception {
RestClientBuilder builder = RestClient.builder(hh)
.setHttpClientConfigCallback(httpClientBuilder -> {
- if (sslService != null) {
+ if (sslService != null &&
sslService.isKeyStoreConfigured() && sslService.isTrustStoreConfigured()) {
try {
--- End diff --
Given that this is a callback, we probably want to move as much of the
logic out of here as possible. That way we can better handle any errors and
reduce performance cost if this is called multiple times. Currently, if there
is an error which hits line 145, the error will be caught and logged but it
will continue to create the http client as if nothing went wrong. What we
should probably do is have a final SSLContext which gets created above,
bubbling up any errors so that the CS doesn't enable in a bad state, and set
the SSLContext same way as below in the context.
---
