This is an automated email from the ASF dual-hosted git repository.
houston pushed a commit to branch branch_9x
in repository https://gitbox.apache.org/repos/asf/solr.git
The following commit(s) were added to refs/heads/branch_9x by this push:
new 8130dc5924e SOLR-16669: Fix default checkPeerName in Http2SolrClient
(#1367)
8130dc5924e is described below
commit 8130dc5924e6a0b3366e29e16db9c4cb71e586d5
Author: Houston Putman <[email protected]>
AuthorDate: Thu Feb 23 00:55:59 2023 -0800
SOLR-16669: Fix default checkPeerName in Http2SolrClient (#1367)
(cherry picked from commit b070b5c19159962f77017901a0fcf03afac01a66)
---
solr/CHANGES.txt | 2 ++
.../modules/upgrade-notes/pages/major-changes-in-solr-9.adoc | 4 ++++
.../src/java/org/apache/solr/client/solrj/impl/Http2SolrClient.java | 5 +----
3 files changed, 7 insertions(+), 4 deletions(-)
diff --git a/solr/CHANGES.txt b/solr/CHANGES.txt
index d73dfeaa3a0..d5cfe7d0359 100644
--- a/solr/CHANGES.txt
+++ b/solr/CHANGES.txt
@@ -193,6 +193,8 @@ Bug Fixes
* SOLR-16668: Use default to Java SSL for Http2SolrClient when none is
provided (Houston Putman)
+* SOLR-16669: Http2SolrClient now defaults checkPeerName to True, as the
documentation specified (Houston Putman)
+
Build
---------------------
* Upgrade forbiddenapis to 3.4 (Uwe Schindler)
diff --git
a/solr/solr-ref-guide/modules/upgrade-notes/pages/major-changes-in-solr-9.adoc
b/solr/solr-ref-guide/modules/upgrade-notes/pages/major-changes-in-solr-9.adoc
index 0fe8d6e7cc7..d549c39ab6d 100644
---
a/solr/solr-ref-guide/modules/upgrade-notes/pages/major-changes-in-solr-9.adoc
+++
b/solr/solr-ref-guide/modules/upgrade-notes/pages/major-changes-in-solr-9.adoc
@@ -76,6 +76,10 @@ This is an improvement to the binary release artifact, but
Jetty does not allow
The `server/contexts/solr-jetty-context.xml` now explicitly removes these
restrictions, allowing Solr to share these "server" jars which now live in
`server/lib/ext`.
* The "Transient Cores" feature is now deprecated.
+=== SSL Configuration
+* When using Solr (or SolrJ) with an SSL-enabled Solr cluster using HTTP2, the
default `-Dsolr.ssl.checkPeerName` value is now *true*.
+This is what has been documented in
xref:deployment-guide:enabling-ssl.adoc#start-solrcloud[Enabling SSL], and
matches the functionality of the original `HttpSolrClient`.
+
=== Tracing
* A new `opentelemetry` module is added, with support for OTEL tracing in
`OTLP` format using gRPC.
At the same time, the `jaegertracer-configurator` module is deprecated for
removal in Solr 10.
diff --git
a/solr/solrj/src/java/org/apache/solr/client/solrj/impl/Http2SolrClient.java
b/solr/solrj/src/java/org/apache/solr/client/solrj/impl/Http2SolrClient.java
index 7ddd5413610..91cfe4a119b 100644
--- a/solr/solrj/src/java/org/apache/solr/client/solrj/impl/Http2SolrClient.java
+++ b/solr/solrj/src/java/org/apache/solr/client/solrj/impl/Http2SolrClient.java
@@ -1241,10 +1241,7 @@ public class Http2SolrClient extends SolrClient {
/* package-private for testing */
static SslContextFactory.Client getDefaultSslContextFactory() {
String checkPeerNameStr =
System.getProperty(HttpClientUtil.SYS_PROP_CHECK_PEER_NAME);
- boolean sslCheckPeerName = true;
- if (checkPeerNameStr == null ||
"false".equalsIgnoreCase(checkPeerNameStr)) {
- sslCheckPeerName = false;
- }
+ boolean sslCheckPeerName = !"false".equalsIgnoreCase(checkPeerNameStr);
SslContextFactory.Client sslContextFactory = new
SslContextFactory.Client(!sslCheckPeerName);
