[
https://issues.apache.org/jira/browse/SOLR-16679?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Christine Poerschke updated SOLR-16679:
---------------------------------------
Security: (was: Public)
> Fix solr.jetty.ssl.verifyClientHostName logging
> -----------------------------------------------
>
> Key: SOLR-16679
> URL: https://issues.apache.org/jira/browse/SOLR-16679
> Project: Solr
> Issue Type: Task
> Reporter: Kevin Risden
> Assignee: Kevin Risden
> Priority: Minor
> Time Spent: 0.5h
> Remaining Estimate: 0h
>
> In SOLR-16669, [~houston] found in https://github.com/apache/solr/pull/1367
> {quote}Main with #1366 included:
> {code:java}
> 2023-02-22 09:28:49.232 WARN (main) [] o.e.j.u.s.S.config Trusting all
> certificates configured for
> Client@1d901f20[provider=null,keyStore=null,trustStore=null]
> 2023-02-22 09:28:49.233 WARN (main) [] o.e.j.u.s.S.config No Client
> EndPointIdentificationAlgorithm configured for
> Client@1d901f20[provider=null,keyStore=null,trustStore=null]
> 2023-02-22 09:28:49.339 WARN (main) [] o.e.j.u.s.S.config Trusting all
> certificates configured for
> Client@760487aa[provider=null,keyStore=null,trustStore=null]
> 2023-02-22 09:28:49.339 WARN (main) [] o.e.j.u.s.S.config No Client
> EndPointIdentificationAlgorithm configured for
> Client@760487aa[provider=null,keyStore=null,trustStore=null]
> {code}
> Then with this change:
> {code:java}
> 2023-02-22 09:31:12.602 WARN (main) [] o.e.j.u.s.S.config No Client
> EndPointIdentificationAlgorithm configured for
> Client@2c9a6717[provider=null,keyStore=null,trustStore=null]
> 2023-02-22 09:31:12.690 WARN (main) [] o.e.j.u.s.S.config No Client
> EndPointIdentificationAlgorithm configured for
> Client@760487aa[provider=null,keyStore=null,trustStore=null]
> {code}
> That is due to this line:
> {code:java}
> sslContextFactory.setEndpointIdentificationAlgorithm(
> System.getProperty("solr.jetty.ssl.verifyClientHostName"));
> {code}
> It seems like this stems from
> https://issues.apache.org/jira/browse/SOLR-14163, so we have the perfect
> people to discuss this @janhoy & @risdenk ! I'll leave it to y'all if we want
> to use "HTTPS" as the default. That will make the last 2 warnings go away. We
> can also deal with this in a different PR/issue if y'all want to, it's pretty
> unrelated. (I will say the SolrJ tests work with HTTPS as the default for
> this sysProp, so it will work for users using HTTP){quote}
> We should default to HTTPS if TLS is not enabled. It looks like we disable
> client hostname verification by default and the setting
> solr.jetty.ssl.verifyClientHostName only applies if TLS is enabled.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
