[jira] [Commented] (SOLR-9304) SOLR_SSL_CHECK_PEER_NAME=false (aka -Dsolr.ssl.checkPeerName=false) has no effect
[ https://issues.apache.org/jira/browse/SOLR-9304?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16449112#comment-16449112 ]

Carlton Findley commented on SOLR-9304:
---

Thanks for getting this in.

> SOLR_SSL_CHECK_PEER_NAME=false (aka -Dsolr.ssl.checkPeerName=false) has no effect
>
> Key: SOLR-9304
> URL: https://issues.apache.org/jira/browse/SOLR-9304
> Project: Solr
> Issue Type: Bug
> Security Level: Public (Default Security Level. Issues are Public)
> Affects Versions: 7.0
> Reporter: Hoss Man
> Assignee: Hoss Man
> Priority: Major
> Fix For: 7.4
>
> Attachments: SOLR-9304-uses-deprecated.patch, SOLR-9304.patch, SOLR-9304.patch, SOLR-9304.patch, SOLR-9304.patch, SOLR-9304.patch, SOLR-9304.patch, SOLR-9304.patch
>
> {{-Dsolr.ssl.checkPeerName=false}} is completely ignored on master...
> {noformat}
> hossman@tray:~/lucene/dev/solr [master] $ find -name \*.java | xargs grep checkPeerName
> ./solrj/src/java/org/apache/solr/client/solrj/impl/HttpClientUtil.java: public static final String SYS_PROP_CHECK_PEER_NAME = "solr.ssl.checkPeerName";
> hossman@tray:~/lucene/dev/solr [master] $ find -name \*.java | xargs grep SYS_PROP_CHECK_PEER_NAME
> ./test-framework/src/java/org/apache/solr/util/SSLTestConfig.java: boolean sslCheckPeerName = toBooleanDefaultIfNull(toBooleanObject(System.getProperty(HttpClientUtil.SYS_PROP_CHECK_PEER_NAME)), true);
> ./solrj/src/java/org/apache/solr/client/solrj/impl/HttpClientUtil.java: public static final String SYS_PROP_CHECK_PEER_NAME = "solr.ssl.checkPeerName";
> {noformat}

--
This message was sent by Atlassian JIRA (v7.6.3#76005)

To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
For additional commands, e-mail: dev-h...@lucene.apache.org
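The two grep commands in the quoted issue description, generalized into a repeatable check for a configuration constant that is declared but only read by test code. This is an added example, not part of the thread or of Solr's code base; the helper names, the shortened directory layout and the file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: is a configuration constant read anywhere outside test code?

# Build a constructed miniature source tree under $1 (paths shortened).
make_sample_tree() {
  mkdir -p "$1/solrj/src/java/impl" "$1/test-framework/src/java/util"
  printf '%s\n' 'public class HttpClientUtil {' \
    '  public static final String SYS_PROP_CHECK_PEER_NAME = "solr.ssl.checkPeerName";' \
    '}' > "$1/solrj/src/java/impl/HttpClientUtil.java"
  printf '%s\n' 'class SSLTestConfig {' \
    '  boolean b = Boolean.parseBoolean(System.getProperty(HttpClientUtil.SYS_PROP_CHECK_PEER_NAME));' \
    '}' > "$1/test-framework/src/java/util/SSLTestConfig.java"
}

# Hypothetical helper: print non-test .java files under $1 that use constant $2
# on any line other than its own declaration. Empty output = never consumed.
find_consumers() (
  root=$1 const=$2
  find "$root" -name '*.java' ! -path '*/test-framework/*' ! -path '*/src/test/*' \
    -exec grep -l -- "$const" {} + |
  while IFS= read -r f; do
    # -v keeps only lines that are not the "String CONST =" declaration.
    if grep -- "$const" "$f" | grep -qv "String[[:space:]]\{1,\}$const[[:space:]]*="; then
      printf '%s\n' "$f"
    fi
  done
)

# Demo on the constructed tree.
tmp=$(mktemp -d)
make_sample_tree "$tmp"
if [ -z "$(find_consumers "$tmp" SYS_PROP_CHECK_PEER_NAME)" ]; then
  echo "SYS_PROP_CHECK_PEER_NAME is declared but never read outside test code"
fi
rm -rf "$tmp"
```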
[jira] [Commented] (SOLR-9304) -Dsolr.ssl.checkPeerName=false ignored on master
[ https://issues.apache.org/jira/browse/SOLR-9304?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16421094#comment-16421094 ]

Carlton Findley commented on SOLR-9304:
---

I found an additional issue when testing this out. To support the bin/solr command-line tool, I had to add some logic there to read environment variables into arguments passed to the JVM. Not sure this is the ideal way to do this but does work. I have a patch but it is for 7.2.1, not main, so won't post here. But this is the change for Linux, similar change needs to be added to solr.cmd. Then the solr.in.sh needs to have the value set.

Added code in bold:

    if [ -n "$SOLR_SSL_TRUST_STORE_TYPE" ]; then
      SOLR_SSL_OPTS+=" -Djavax.net.ssl.trustStoreType=$SOLR_SSL_TRUST_STORE_TYPE"
    fi
  fi
  *if [ -n "$SOLR_SSL_CHECK_PEER_NAME" ]; then*
  *SOLR_SSL_OPTS+=" -Dsolr.ssl.checkPeerName=$SOLR_SSL_CHECK_PEER_NAME"*
  *fi*
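The environment-variable mapping described in the comment above, as a stand-alone function that also validates the flag before handing it to the JVM. This is an added example, not Solr's bin/solr and not the commenter's patch; the function name `build_solr_ssl_opts` is hypothetical, and rejecting any value other than `true` or `false` is an assumption about what a start script should accept.

```shell
#!/bin/sh
# Added example (not Solr's bin/solr): turn SOLR_SSL_* environment variables
# into JVM options, refusing values that are neither "true" nor "false".

# Hypothetical helper: prints the options on stdout; exits 2 on a bad value.
# Body runs in a subshell, so its variables do not leak into the caller.
build_solr_ssl_opts() (
  opts=""
  if [ -n "${SOLR_SSL_TRUST_STORE_TYPE:-}" ]; then
    opts="$opts -Djavax.net.ssl.trustStoreType=$SOLR_SSL_TRUST_STORE_TYPE"
  fi
  if [ -n "${SOLR_SSL_CHECK_PEER_NAME:-}" ]; then
    case "$SOLR_SSL_CHECK_PEER_NAME" in
      true) ;;
      false)
        # Make the weakened setting visible in the startup output.
        echo "WARNING: solr.ssl.checkPeerName=false, peer name check is off" >&2 ;;
      *)
        # Assumption: fail closed on typos instead of guessing how the
        # JVM side would parse them.
        echo "ERROR: SOLR_SSL_CHECK_PEER_NAME must be 'true' or 'false'" >&2
        exit 2 ;;
    esac
    opts="$opts -Dsolr.ssl.checkPeerName=$SOLR_SSL_CHECK_PEER_NAME"
  fi
  printf '%s\n' "$opts"
)

# Demo with constructed values, run in a subshell to leave the environment alone.
(
  SOLR_SSL_TRUST_STORE_TYPE=PKCS12
  SOLR_SSL_CHECK_PEER_NAME=false
  build_solr_ssl_opts
)
```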
[jira] [Commented] (SOLR-9304) -Dsolr.ssl.checkPeerName=false ignored on master
[ https://issues.apache.org/jira/browse/SOLR-9304?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16414073#comment-16414073 ]

Carlton Findley commented on SOLR-9304:
---

Thanks for working on this!
[jira] [Comment Edited] (SOLR-9304) -Dsolr.ssl.checkPeerName=false ignored on master
[ https://issues.apache.org/jira/browse/SOLR-9304?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16293500#comment-16293500 ]

Carlton Findley edited comment on SOLR-9304 at 12/16/17 12:54 AM:
---

I tested out the previous patch and still saw the same behavior. I came up with an alternative fix which works in my environment. I also added a couple of unit tests. I added the updated patch for review.

was (Author: cargo_find17):
I tested out the previous patch and still saw the same behavior. I came up with an alternative fix which works in my environment. I also added a couple of unit tests.
[jira] [Updated] (SOLR-9304) -Dsolr.ssl.checkPeerName=false ignored on master
[ https://issues.apache.org/jira/browse/SOLR-9304?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Carlton Findley updated SOLR-9304:
---

Attachment: SOLR-9304.patch

I tested out the previous patch and still saw the same behavior. I came up with an alternative fix which works in my environment. I also added a couple of unit tests.
[jira] [Commented] (SOLR-9304) -Dsolr.ssl.checkPeerName=false ignored on master
[ https://issues.apache.org/jira/browse/SOLR-9304?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16288400#comment-16288400 ]

Carlton Findley commented on SOLR-9304:
---

Thanks for the patch!