[ https://issues.apache.org/jira/browse/NIFI-6196?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jeff Storck updated NIFI-6196: ------------------------------ Status: Patch Available (was: Open) > Upgrade version of Jetty > ------------------------ > > Key: NIFI-6196 > URL: https://issues.apache.org/jira/browse/NIFI-6196 > Project: Apache NiFi > Issue Type: Improvement > Components: Core Framework > Affects Versions: 1.9.2 > Reporter: Jeff Storck > Assignee: Jeff Storck > Priority: Major > Time Spent: 20m > Remaining Estimate: 0h > > Upgrade version of Jetty to 9.4.15.v20190215 from 9.4.11.v20180605. > \\ > \\ > This upgrade is needed for building NiFi with Java 11. > \\ > \\ > ||Issues encountered during upgrade||Resolution|| > |As of Jetty 9.4.15.v20190215, certificate verification has changed. > Previous to version 9.4.15.v20190215, > {{org.eclipse.jetty.util.ssl.SslContextFactory.getEndpointIdentificationAlgorithm()}} > returned {{null}}. As of version 9.4.15.v20190215, that method returns > {{"HTTPS"}}. This causes the {{SslContextFactory}} to verify the hostname on > the other end of the connection, regardless of being used by a client or > server. This works correctly for clients but results in a > {{CertificateException}} on the server if the client cert does not contain > the correct SAN. The following Jetty Github issues reference this scenario: > * [https://github.com/eclipse/jetty.project/issues/3154] > * [https://github.com/eclipse/jetty.project/issues/3454] > * [https://github.com/eclipse/jetty.project/issues/3464] > * [https://github.com/eclipse/jetty.project/issues/3466]|Update server > SslContextFactory instances use > {{org.eclipse.jetty.util.ssl.SslContextFactory.setEndpointIdentificationAlgorithm(null)}}| > |Several tests use the same keystore between client and server: > * ITestHandleHttpRequest > * TestInvokeHttpSSL > * TestInvokeHttpTwoWaySSL > * TestListenHTTP|Update tests to use a separate keystore for clients| > -- This message was sent by Atlassian JIRA (v7.6.3#76005)