[jira] [Commented] (SOLR-4839) Jetty 9

Thu, 23 Apr 2015 18:47:48 -0700 

    [ 
https://issues.apache.org/jira/browse/SOLR-4839?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14510329#comment-14510329
 ] 

Steve Davids commented on SOLR-4839:
------------------------------------

Looks  good, though we might want to think about *not* reusing the 
javax.net.ssl.* for the jetty key/trust store configuration. I could think of a 
few cases where you might want to make the two different, ie one value for the 
client request and one value for the jetty connector, unless of course the 
recommendation is to only use self-signed certs for both client and server. 
Though, maybe the solr.in.sh could have something like:
{code}
SOLR_SSL_KEY_STORE=etc/solr-ssl.keystore.jks
SOLR_SSL_KEY_STORE_PASSWORD=secret
SOLR_SSL_TRUST_STORE=etc/solr-ssl.keystore.jks
SOLR_SSL_TRUST_STORE_PASSWORD=secret
#### OVERRIDE PREVIOUSLY DEFINED SSL VALUES FOR HTTP CLIENT IF NECESSARY ######
#SOLR_SSL_CLIENT_KEY_STORE=
#SOLR_SSL_CLIENT_KEY_STORE_PASSWORD=
#SOLR_SSL_CLIENT_TRUST_STORE=
#SOLR_SSL_CLIENT_TRUST_STORE_PASSWORD=
{code}

Then the solr startup script can set the javax.net.ssl.* system properties for 
the client side + create something like jetty.ssl.truststore/keystore/etc on 
the jetty server side. This would allow a little bit more flexibility for 
people who might want to use a different certificate or trust store between the 
http client and server, though this really is getting more on a fringe  use 
case.

> Jetty 9
> -------
>
>                 Key: SOLR-4839
>                 URL: https://issues.apache.org/jira/browse/SOLR-4839
>             Project: Solr
>          Issue Type: Improvement
>            Reporter: Bill Bell
>            Assignee: Shalin Shekhar Mangar
>             Fix For: Trunk, 5.2
>
>         Attachments: SOLR-4839-conform-jetty9_2_10.patch, 
> SOLR-4839-conform-jetty9_2_10.patch, SOLR-4839-fix-eclipse.patch, 
> SOLR-4839-jetty9.2.10, SOLR-4839-mod-JettySolrRunner.patch, 
> SOLR-4839-ssl-support_patch.patch, SOLR-4839-ssl-support_patch.patch, 
> SOLR-4839.patch, SOLR-4839.patch, SOLR-4839.patch, SOLR-4839.patch, 
> SOLR-4839.patch, SOLR-4839.patch, SOLR-4839.patch, SOLR-4839.patch, 
> SOLR-4839.patch
>
>
> Implement Jetty 9



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
For additional commands, e-mail: dev-h...@lucene.apache.org

Reply via email to