[jira] [Created] (SOLR-10025) SOLR_SSL_OPTS are ignored in bin\solr.cmd

Mon, 23 Jan 2017 05:34:54 -0800 

Andy Hind created SOLR-10025:
--------------------------------

             Summary: SOLR_SSL_OPTS are ignored in bin\solr.cmd
                 Key: SOLR-10025
                 URL: https://issues.apache.org/jira/browse/SOLR-10025
             Project: Solr
          Issue Type: Bug
      Security Level: Public (Default Security Level. Issues are Public)
    Affects Versions: 6.3
            Reporter: Andy Hind


SSL config fails on windows.
Requires fixes for late binding.
See !SOLR_SSL_OPTS! below 


{code}
REM Select HTTP OR HTTPS related configurations
set SOLR_URL_SCHEME=http
set "SOLR_JETTY_CONFIG=--module=http"
set "SOLR_SSL_OPTS= "
IF DEFINED SOLR_SSL_KEY_STORE (
  set "SOLR_JETTY_CONFIG=--module=https"
  set SOLR_URL_SCHEME=https
  set "SCRIPT_ERROR=Solr server directory %SOLR_SERVER_DIR% not found!"
  set "SOLR_SSL_OPTS=-Dsolr.jetty.keystore=%SOLR_SSL_KEY_STORE% 
-Dsolr.jetty.keystore.password=%SOLR_SSL_KEY_STORE_PASSWORD% 
-Dsolr.jetty.truststore=%SOLR_SSL_TRUST_STORE% 
-Dsolr.jetty.truststore.password=%SOLR_SSL_TRUST_STORE_PASSWORD% 
-Dsolr.jetty.ssl.needClientAuth=%SOLR_SSL_NEED_CLIENT_AUTH% 
-Dsolr.jetty.ssl.wantClientAuth=%SOLR_SSL_WANT_CLIENT_AUTH%"
  IF DEFINED SOLR_SSL_CLIENT_KEY_STORE  (
    set "SOLR_SSL_OPTS=!SOLR_SSL_OPTS! 
-Djavax.net.ssl.keyStore=%SOLR_SSL_CLIENT_KEY_STORE% 
-Djavax.net.ssl.keyStorePassword=%SOLR_SSL_CLIENT_KEY_STORE_PASSWORD% 
-Djavax.net.ssl.trustStore=%SOLR_SSL_CLIENT_TRUST_STORE% 
-Djavax.net.ssl.trustStorePassword=%SOLR_SSL_CLIENT_TRUST_STORE_PASSWORD%"
  ) ELSE (
    set "SOLR_SSL_OPTS=!SOLR_SSL_OPTS! 
-Djavax.net.ssl.keyStore=%SOLR_SSL_KEY_STORE% 
-Djavax.net.ssl.keyStorePassword=%SOLR_SSL_KEY_STORE_PASSWORD% 
-Djavax.net.ssl.trustStore=%SOLR_SSL_TRUST_STORE% 
-Djavax.net.ssl.trustStorePassword=%SOLR_SSL_TRUST_STORE_PASSWORD%"
  )
) ELSE (
  set SOLR_SSL_OPTS=
)
{code}

We also use a non default keystore type and have to disable perr name chekcking:
{code}

-a "......... -Djavax.net.ssl.keyStoreType=JCEKS 
-Djavax.net.ssl.trustStoreType=JCEKS -Dsolr.ssl.checkPeerName=false"
{code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to