[ https://issues.apache.org/jira/browse/SOLR-12953?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16673529#comment-16673529 ]

Lucene/Solr QA commented on SOLR-12953:
---------------------------------------

| (/) *{color:green}+1 overall{color}* |
\\
\\
|| Vote || Subsystem || Runtime || Comment ||
|| || || || {color:brown} Prechecks {color} ||
|| || || || {color:brown} master Compile Tests {color} ||
|| || || || {color:brown} Patch Compile Tests {color} ||
| {color:green}+1{color} | {color:green} Release audit (RAT) {color} | {color:green}  0m  6s{color} | {color:green} the patch passed {color} |
| {color:green}+1{color} | {color:green} Validate source patterns {color} | {color:green}  0m  6s{color} | {color:green} the patch passed {color} |
| {color:green}+1{color} | {color:green} Validate ref guide {color} | {color:green}  0m  6s{color} | {color:green} the patch passed {color} |
|| || || || {color:brown} Other Tests {color} ||
| {color:black}{color} | {color:black} {color} | {color:black}  1m 58s{color} | {color:black} {color} |
\\
\\
|| Subsystem || Report/Notes ||
| JIRA Issue | SOLR-12953 |
| JIRA Patch URL | https://issues.apache.org/jira/secure/attachment/12946651/SOLR-12953.patch |
| Optional Tests |  validatesourcepatterns  ratsources  validaterefguide  |
| uname | Linux lucene2-us-west.apache.org 4.4.0-112-generic #135-Ubuntu SMP Fri Jan 19 11:48:36 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux |
| Build tool | ant |
| Personality | /home/jenkins/jenkins-slave/workspace/PreCommit-SOLR-Build/sourcedir/dev-tools/test-patch/lucene-solr-yetus-personality.sh |
| git revision | master / 31d7dfe |
| ant | version: Apache Ant(TM) version 1.9.6 compiled on July 20 2018 |
| modules | C: solr solr/server solr/solr-ref-guide U: solr |
| Console output | https://builds.apache.org/job/PreCommit-SOLR-Build/216/console |
| Powered by | Apache Yetus 0.7.0   http://yetus.apache.org |


This message was automatically generated.



> Support for TLS/SSL key alias configuration
> -------------------------------------------
>
>                 Key: SOLR-12953
>                 URL: https://issues.apache.org/jira/browse/SOLR-12953
>             Project: Solr
>          Issue Type: Improvement
>      Security Level: Public(Default Security Level. Issues are Public) 
>    Affects Versions: 7.5
>            Reporter: Bram Van Dam
>            Priority: Major
>              Labels: patch
>             Fix For: 7.5.1
>
>         Attachments: SOLR-12953.patch, SOLR-12953.patch
>
>
> As discussed on the mailing list:
> *Context:*
> There's a jetty-ssl.xml config file which configures Jetty's 
> SslContextFactory using properties set in solr.in.sh, but it's incomplete for 
> some purposes.
> *Problem:*
> I've noticed that no "certAlias" property is present. This means that when 
> Jetty starts, it will pick an arbitrary (based on some internal order, 
> apparently the newest?) key from the keystore to use. This is fine when 
> you're only using your keystore for Solr and it only contains one key, but it 
> makes life a lot more complicated in environments where keystores are managed 
> and distributed to servers automagically.
> When you add a key to the keystore, you can assign an alias. Jetty can then 
> use the key with that alias by means of its certAlias config property.
> The Solr documentation [1] confusingly assigns the alias "solr-ssl" to the 
> key, but as far as I can tell this alias isn't actually used or referenced 
> anywhere else. 
> *Solution:*
> I'm currently dealing with a slightly more complicated TLS setup, so I'm 
> attaching a patch which adds an extra config property in order to 
> (optionally) specify the key alias. When the option is omitted, the old 
> behaviour remains unchanged. Patch modifies the configuration and includes 
> updates to the enabling-ssl documentation.
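
An added example, not part of the issue or of the attached patch: a small audit that reports whether a Jetty XML file pins the key alias on its SslContextFactory, which is the gap the issue describes. The XML samples are constructed, and the property name `solr.jetty.keystore.alias` is a hypothetical stand-in for whatever name the patch uses.

```python
import xml.etree.ElementTree as ET

# Constructed samples modelled on a Jetty XML SslContextFactory block.
# The property name solr.jetty.keystore.alias is hypothetical (an assumption),
# not taken from the SOLR-12953 patch.
WITHOUT_ALIAS = """<?xml version="1.0"?>
<Configure id="sslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory">
  <Set name="KeyStorePath"><Property name="solr.jetty.keystore" default="./etc/solr-ssl.keystore.jks"/></Set>
</Configure>"""

WITH_ALIAS = WITHOUT_ALIAS.replace(
    "</Configure>",
    '  <Set name="certAlias"><Property name="solr.jetty.keystore.alias"/></Set>\n</Configure>')


def cert_alias_status(xml_text):
    """Return one (status, detail) tuple per SslContextFactory element.

    'unpinned': no certAlias setter, so Jetty chooses the key itself.
    'property': alias is read from a property (detail = property name),
                so it is only pinned when that property is actually set.
    'literal' : alias is written directly in the file (detail = alias).
    """
    root = ET.fromstring(xml_text)
    results = []
    for elem in root.iter():
        if "SslContextFactory" not in elem.get("class", ""):
            continue
        # Look only at direct <Set> children of the factory element.
        setter = next((s for s in elem.findall("Set")
                       if s.get("name", "").lower() == "certalias"), None)
        if setter is None:
            results.append(("unpinned", None))
        elif setter.find("Property") is not None:
            results.append(("property", setter.find("Property").get("name")))
        else:
            results.append(("literal", (setter.text or "").strip()))
    return results


if __name__ == "__main__":
    for label, doc in (("without alias", WITHOUT_ALIAS), ("with alias", WITH_ALIAS)):
        print(label, cert_alias_status(doc))
```

A `property` result still needs a check that the deployment sets that property, because the issue states that omitting the option keeps the old behaviour.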


