[ https://issues.apache.org/jira/browse/NIFI-6196?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jeff Storck updated NIFI-6196:
------------------------------
    Status: Patch Available  (was: Open)

> Upgrade version of Jetty
> ------------------------
>
>                 Key: NIFI-6196
>                 URL: https://issues.apache.org/jira/browse/NIFI-6196
>             Project: Apache NiFi
>          Issue Type: Improvement
>          Components: Core Framework
>    Affects Versions: 1.9.2
>            Reporter: Jeff Storck
>            Assignee: Jeff Storck
>            Priority: Major
>          Time Spent: 20m
>  Remaining Estimate: 0h
>
> Upgrade version of Jetty to 9.4.15.v20190215 from 9.4.11.v20180605.
>
> This upgrade is needed for building NiFi with Java 11.
>
> ||Issues encountered during upgrade||Resolution||
> |As of Jetty 9.4.15.v20190215, certificate verification has changed.  
> Previous to version 9.4.15.v20190215, 
> {{org.eclipse.jetty.util.ssl.SslContextFactory.getEndpointIdentificationAlgorithm()}}
>  returned {{null}}. As of version 9.4.15.v20190215, that method returns 
> {{"HTTPS"}}. This causes the {{SslContextFactory}} to verify the hostname on 
> the other end of the connection, regardless of being used by a client or 
> server. This works correctly for clients but results in a 
> {{CertificateException}} on the server if the client cert does not contain 
> the correct SAN. The following Jetty GitHub issues reference this scenario:
>  * [https://github.com/eclipse/jetty.project/issues/3154]
>  * [https://github.com/eclipse/jetty.project/issues/3454]
>  * [https://github.com/eclipse/jetty.project/issues/3464]
>  * [https://github.com/eclipse/jetty.project/issues/3466]|Update server 
> SslContextFactory instances to use 
> {{org.eclipse.jetty.util.ssl.SslContextFactory.setEndpointIdentificationAlgorithm(null)}}|
> |Several tests use the same keystore between client and server:
>  * ITestHandleHttpRequest
>  * TestInvokeHttpSSL
>  * TestInvokeHttpTwoWaySSL
>  * TestListenHTTP|Update tests to use a separate keystore for clients|
>  



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
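
The resolution described in the quoted issue, as an added example (not code from the NiFi patch): role-specific Jetty 9.4.15 `SslContextFactory` instances with separate client and server keystores, plus a check that fails when a factory carries the wrong endpoint identification setting for its role. The class and method names (`MutualTlsFactories`, `serverFactory`, `clientFactory`, `requireRoleAppropriate`), the keystore paths and the passwords are assumptions made for illustration.

```java
import org.eclipse.jetty.util.ssl.SslContextFactory;

public class MutualTlsFactories {

    // Server side: the client certificate is still required and chain-validated against
    // the truststore, but its SAN is no longer matched against a hostname.
    static SslContextFactory serverFactory(String keystore, String truststore, String password) {
        SslContextFactory f = new SslContextFactory();
        f.setKeyStorePath(keystore);
        f.setKeyStorePassword(password);
        f.setTrustStorePath(truststore);
        f.setTrustStorePassword(password);
        f.setNeedClientAuth(true);
        f.setEndpointIdentificationAlgorithm(null); // 9.4.15 returns "HTTPS" unless overridden
        return f;
    }

    // Client side: keep "HTTPS" so the server certificate is matched against the host dialed.
    static SslContextFactory clientFactory(String keystore, String truststore, String password) {
        SslContextFactory f = new SslContextFactory();
        f.setKeyStorePath(keystore);
        f.setKeyStorePassword(password);
        f.setTrustStorePath(truststore);
        f.setTrustStorePassword(password);
        f.setEndpointIdentificationAlgorithm("HTTPS");
        return f;
    }

    // Startup or unit-test guard: catches a server factory left on the new default,
    // and a client factory whose hostname verification was switched off by mistake.
    static void requireRoleAppropriate(SslContextFactory f, boolean serverSide) {
        String alg = f.getEndpointIdentificationAlgorithm();
        if (serverSide && alg != null)
            throw new IllegalStateException("server factory would hostname-check client certs: " + alg);
        if (!serverSide && !"HTTPS".equals(alg))
            throw new IllegalStateException("client factory does not verify the server hostname");
    }

    public static void main(String[] args) {
        // Placeholder paths and password (assumed); separate keystores for each role.
        SslContextFactory server = serverFactory("conf/server-ks.jks", "conf/server-ts.jks", "changeit");
        SslContextFactory client = clientFactory("conf/client-ks.jks", "conf/client-ts.jks", "changeit");
        requireRoleAppropriate(server, true);
        requireRoleAppropriate(client, false);
        System.out.println("server=" + server.getEndpointIdentificationAlgorithm()
                + " client=" + client.getEndpointIdentificationAlgorithm());
    }
}
```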
