[jira] [Commented] (SOLR-9304) SOLR_SSL_CHECK_PEER_NAME=false (aka -Dsolr.ssl.checkPeerName=false) has no effect
[
https://issues.apache.org/jira/browse/SOLR-9304?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16449112#comment-16449112
]
Carlton Findley commented on SOLR-9304:
---
Thanks for getting this in.
> SOLR_SSL_CHECK_PEER_NAME=false (aka -Dsolr.ssl.checkPeerName=false) has no
> effect
> -
>
> Key: SOLR-9304
> URL: https://issues.apache.org/jira/browse/SOLR-9304
> Project: Solr
> Issue Type: Bug
> Security Level: Public(Default Security Level. Issues are Public)
>Affects Versions: 7.0
>Reporter: Hoss Man
>Assignee: Hoss Man
>Priority: Major
> Fix For: 7.4
>
> Attachments: SOLR-9304-uses-deprecated.patch, SOLR-9304.patch,
> SOLR-9304.patch, SOLR-9304.patch, SOLR-9304.patch, SOLR-9304.patch,
> SOLR-9304.patch, SOLR-9304.patch
>
>
> {{-Dsolr.ssl.checkPeerName=false}} is completely ignored on master...
> {noformat}
> hossman@tray:~/lucene/dev/solr [master] $ find -name \*.java | xargs grep
> checkPeerName
> ./solrj/src/java/org/apache/solr/client/solrj/impl/HttpClientUtil.java:
> public static final String SYS_PROP_CHECK_PEER_NAME =
> "solr.ssl.checkPeerName";
> hossman@tray:~/lucene/dev/solr [master] $ find -name \*.java | xargs grep
> SYS_PROP_CHECK_PEER_NAME
> ./test-framework/src/java/org/apache/solr/util/SSLTestConfig.java:
> boolean sslCheckPeerName =
> toBooleanDefaultIfNull(toBooleanObject(System.getProperty(HttpClientUtil.SYS_PROP_CHECK_PEER_NAME)),
> true);
> ./solrj/src/java/org/apache/solr/client/solrj/impl/HttpClientUtil.java:
> public static final String SYS_PROP_CHECK_PEER_NAME =
> "solr.ssl.checkPeerName";
> {noformat}
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
-
To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
For additional commands, e-mail: dev-h...@lucene.apache.org
[jira] [Commented] (SOLR-9304) -Dsolr.ssl.checkPeerName=false ignored on master
[
https://issues.apache.org/jira/browse/SOLR-9304?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16421094#comment-16421094
]
Carlton Findley commented on SOLR-9304:
---
I found an additional issue when testing this out. To support the bin/solr
commandline tool, I had to add some logic there to read environment variables
into arguments passed to the JVM. Not sure this is the ideal way to do this but
does work. I have a patch but it is for 7.2.1, not main, so won't post here.
But this is the change for linux, similar change needs to be added to solr.cmd.
Then the solr.in.sh needs to have the value set. Added code in bold:
if [ -n "$SOLR_SSL_TRUST_STORE_TYPE" ]; then
SOLR_SSL_OPTS+="
-Djavax.net.ssl.trustStoreType=$SOLR_SSL_TRUST_STORE_TYPE"
fi
fi
*if [ -n "$SOLR_SSL_CHECK_PEER_NAME" ]; then*
*SOLR_SSL_OPTS+=" -Dsolr.ssl.checkPeerName=$SOLR_SSL_CHECK_PEER_NAME"*
*fi*
> -Dsolr.ssl.checkPeerName=false ignored on master
>
>
> Key: SOLR-9304
> URL: https://issues.apache.org/jira/browse/SOLR-9304
> Project: Solr
> Issue Type: Bug
> Security Level: Public(Default Security Level. Issues are Public)
>Affects Versions: 7.0
>Reporter: Hoss Man
>Priority: Major
> Attachments: SOLR-9304-uses-deprecated.patch, SOLR-9304.patch,
> SOLR-9304.patch, SOLR-9304.patch, SOLR-9304.patch
>
>
> {{-Dsolr.ssl.checkPeerName=false}} is completely ignored on master...
> {noformat}
> hossman@tray:~/lucene/dev/solr [master] $ find -name \*.java | xargs grep
> checkPeerName
> ./solrj/src/java/org/apache/solr/client/solrj/impl/HttpClientUtil.java:
> public static final String SYS_PROP_CHECK_PEER_NAME =
> "solr.ssl.checkPeerName";
> hossman@tray:~/lucene/dev/solr [master] $ find -name \*.java | xargs grep
> SYS_PROP_CHECK_PEER_NAME
> ./test-framework/src/java/org/apache/solr/util/SSLTestConfig.java:
> boolean sslCheckPeerName =
> toBooleanDefaultIfNull(toBooleanObject(System.getProperty(HttpClientUtil.SYS_PROP_CHECK_PEER_NAME)),
> true);
> ./solrj/src/java/org/apache/solr/client/solrj/impl/HttpClientUtil.java:
> public static final String SYS_PROP_CHECK_PEER_NAME =
> "solr.ssl.checkPeerName";
> {noformat}
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
-
To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
For additional commands, e-mail: dev-h...@lucene.apache.org
[jira] [Commented] (SOLR-9304) -Dsolr.ssl.checkPeerName=false ignored on master
[
https://issues.apache.org/jira/browse/SOLR-9304?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16414073#comment-16414073
]
Carlton Findley commented on SOLR-9304:
---
Thanks for working on this!
> -Dsolr.ssl.checkPeerName=false ignored on master
>
>
> Key: SOLR-9304
> URL: https://issues.apache.org/jira/browse/SOLR-9304
> Project: Solr
> Issue Type: Bug
> Security Level: Public(Default Security Level. Issues are Public)
>Affects Versions: 7.0
>Reporter: Hoss Man
>Priority: Major
> Attachments: SOLR-9304-uses-deprecated.patch, SOLR-9304.patch,
> SOLR-9304.patch, SOLR-9304.patch, SOLR-9304.patch
>
>
> {{-Dsolr.ssl.checkPeerName=false}} is completely ignored on master...
> {noformat}
> hossman@tray:~/lucene/dev/solr [master] $ find -name \*.java | xargs grep
> checkPeerName
> ./solrj/src/java/org/apache/solr/client/solrj/impl/HttpClientUtil.java:
> public static final String SYS_PROP_CHECK_PEER_NAME =
> "solr.ssl.checkPeerName";
> hossman@tray:~/lucene/dev/solr [master] $ find -name \*.java | xargs grep
> SYS_PROP_CHECK_PEER_NAME
> ./test-framework/src/java/org/apache/solr/util/SSLTestConfig.java:
> boolean sslCheckPeerName =
> toBooleanDefaultIfNull(toBooleanObject(System.getProperty(HttpClientUtil.SYS_PROP_CHECK_PEER_NAME)),
> true);
> ./solrj/src/java/org/apache/solr/client/solrj/impl/HttpClientUtil.java:
> public static final String SYS_PROP_CHECK_PEER_NAME =
> "solr.ssl.checkPeerName";
> {noformat}
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
-
To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
For additional commands, e-mail: dev-h...@lucene.apache.org
[jira] [Comment Edited] (SOLR-9304) -Dsolr.ssl.checkPeerName=false ignored on master
[
https://issues.apache.org/jira/browse/SOLR-9304?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16293500#comment-16293500
]
Carlton Findley edited comment on SOLR-9304 at 12/16/17 12:54 AM:
--
I tested out the previous patch and still saw the same behavior. I came up with
an alternative fix which works in my environment. I also added a couple of unit
tests. I added the updated patch for review.
was (Author: cargo_find17):
I tested out the previous patch and still saw the same behavior. I came up with
an alternative fix which works in my environment. I also added a couple of unit
tests.
> -Dsolr.ssl.checkPeerName=false ignored on master
>
>
> Key: SOLR-9304
> URL: https://issues.apache.org/jira/browse/SOLR-9304
> Project: Solr
> Issue Type: Bug
> Security Level: Public(Default Security Level. Issues are Public)
>Affects Versions: 7.0
>Reporter: Hoss Man
> Attachments: SOLR-9304-uses-deprecated.patch, SOLR-9304.patch,
> SOLR-9304.patch
>
>
> {{-Dsolr.ssl.checkPeerName=false}} is completely ignored on master...
> {noformat}
> hossman@tray:~/lucene/dev/solr [master] $ find -name \*.java | xargs grep
> checkPeerName
> ./solrj/src/java/org/apache/solr/client/solrj/impl/HttpClientUtil.java:
> public static final String SYS_PROP_CHECK_PEER_NAME =
> "solr.ssl.checkPeerName";
> hossman@tray:~/lucene/dev/solr [master] $ find -name \*.java | xargs grep
> SYS_PROP_CHECK_PEER_NAME
> ./test-framework/src/java/org/apache/solr/util/SSLTestConfig.java:
> boolean sslCheckPeerName =
> toBooleanDefaultIfNull(toBooleanObject(System.getProperty(HttpClientUtil.SYS_PROP_CHECK_PEER_NAME)),
> true);
> ./solrj/src/java/org/apache/solr/client/solrj/impl/HttpClientUtil.java:
> public static final String SYS_PROP_CHECK_PEER_NAME =
> "solr.ssl.checkPeerName";
> {noformat}
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
-
To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
For additional commands, e-mail: dev-h...@lucene.apache.org
[jira] [Updated] (SOLR-9304) -Dsolr.ssl.checkPeerName=false ignored on master
[
https://issues.apache.org/jira/browse/SOLR-9304?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Carlton Findley updated SOLR-9304:
--
Attachment: SOLR-9304.patch
I tested out the previous patch and still saw the same behavior. I came up with
an alternative fix which works in my environment. I also added a couple of unit
tests.
> -Dsolr.ssl.checkPeerName=false ignored on master
>
>
> Key: SOLR-9304
> URL: https://issues.apache.org/jira/browse/SOLR-9304
> Project: Solr
> Issue Type: Bug
> Security Level: Public(Default Security Level. Issues are Public)
>Affects Versions: 7.0
>Reporter: Hoss Man
> Attachments: SOLR-9304-uses-deprecated.patch, SOLR-9304.patch,
> SOLR-9304.patch
>
>
> {{-Dsolr.ssl.checkPeerName=false}} is completely ignored on master...
> {noformat}
> hossman@tray:~/lucene/dev/solr [master] $ find -name \*.java | xargs grep
> checkPeerName
> ./solrj/src/java/org/apache/solr/client/solrj/impl/HttpClientUtil.java:
> public static final String SYS_PROP_CHECK_PEER_NAME =
> "solr.ssl.checkPeerName";
> hossman@tray:~/lucene/dev/solr [master] $ find -name \*.java | xargs grep
> SYS_PROP_CHECK_PEER_NAME
> ./test-framework/src/java/org/apache/solr/util/SSLTestConfig.java:
> boolean sslCheckPeerName =
> toBooleanDefaultIfNull(toBooleanObject(System.getProperty(HttpClientUtil.SYS_PROP_CHECK_PEER_NAME)),
> true);
> ./solrj/src/java/org/apache/solr/client/solrj/impl/HttpClientUtil.java:
> public static final String SYS_PROP_CHECK_PEER_NAME =
> "solr.ssl.checkPeerName";
> {noformat}
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
-
To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
For additional commands, e-mail: dev-h...@lucene.apache.org
[jira] [Commented] (SOLR-9304) -Dsolr.ssl.checkPeerName=false ignored on master
[
https://issues.apache.org/jira/browse/SOLR-9304?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16288400#comment-16288400
]
Carlton Findley commented on SOLR-9304:
---
Thanks for the patch!
> -Dsolr.ssl.checkPeerName=false ignored on master
>
>
> Key: SOLR-9304
> URL: https://issues.apache.org/jira/browse/SOLR-9304
> Project: Solr
> Issue Type: Bug
> Security Level: Public(Default Security Level. Issues are Public)
>Affects Versions: 7.0
>Reporter: Hoss Man
> Attachments: SOLR-9304-uses-deprecated.patch, SOLR-9304.patch
>
>
> {{-Dsolr.ssl.checkPeerName=false}} is completely ignored on master...
> {noformat}
> hossman@tray:~/lucene/dev/solr [master] $ find -name \*.java | xargs grep
> checkPeerName
> ./solrj/src/java/org/apache/solr/client/solrj/impl/HttpClientUtil.java:
> public static final String SYS_PROP_CHECK_PEER_NAME =
> "solr.ssl.checkPeerName";
> hossman@tray:~/lucene/dev/solr [master] $ find -name \*.java | xargs grep
> SYS_PROP_CHECK_PEER_NAME
> ./test-framework/src/java/org/apache/solr/util/SSLTestConfig.java:
> boolean sslCheckPeerName =
> toBooleanDefaultIfNull(toBooleanObject(System.getProperty(HttpClientUtil.SYS_PROP_CHECK_PEER_NAME)),
> true);
> ./solrj/src/java/org/apache/solr/client/solrj/impl/HttpClientUtil.java:
> public static final String SYS_PROP_CHECK_PEER_NAME =
> "solr.ssl.checkPeerName";
> {noformat}
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
-
To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
For additional commands, e-mail: dev-h...@lucene.apache.org
