[
https://issues.apache.org/jira/browse/SOLR-12953?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16859654#comment-16859654
]
Lucene/Solr QA commented on SOLR-12953:
---------------------------------------
| (x) *{color:red}-1 overall{color}* |
\\
\\
|| Vote || Subsystem || Runtime || Comment ||
| {color:red}-1{color} | {color:red} patch {color} | {color:red} 0m 6s{color}
| {color:red} SOLR-12953 does not apply to master. Rebase required? Wrong
Branch? See
https://wiki.apache.org/solr/HowToContribute#Creating_the_patch_file for help.
{color} |
\\
\\
|| Subsystem || Report/Notes ||
| JIRA Issue | SOLR-12953 |
| JIRA Patch URL |
https://issues.apache.org/jira/secure/attachment/12946651/SOLR-12953.patch |
| Console output |
https://builds.apache.org/job/PreCommit-SOLR-Build/425/console |
| Powered by | Apache Yetus 0.7.0 http://yetus.apache.org |
This message was automatically generated.
> Support for TLS/SSL key alias configuration
> -------------------------------------------
>
> Key: SOLR-12953
> URL: https://issues.apache.org/jira/browse/SOLR-12953
> Project: Solr
> Issue Type: Improvement
> Affects Versions: 7.5
> Reporter: Bram Van Dam
> Priority: Major
> Labels: patch
> Fix For: 7.5.1, 7.6
>
> Attachments: SOLR-12953.patch, SOLR-12953.patch
>
>
> As discussed on the mailing list:
> *Context:*
> There's a jetty-ssl.xml config file which configures Jetty's
> SslContextFactory using properties set in solr.in.sh, but it's incomplete for
> some purposes.
> *Problem:*
> I've noticed that no "certAlias" property is present. This means that when
> Jetty starts, it will pick an arbitrary (based on some internal order,
> apparently the newest?) key from the keystore to use. This is fine when
> you're only using your keystore for Solr and it only contains one key, but it
> makes life a lot more complicated in environments where keystores are managed
> and distributed to servers automagically.
> When you add a key to the keystore, you can assign an alias. Jetty can then
> use the key with that alias by means of its certAlias config property.
> The Solr documentation [1] confusingly assigns the alias "solr-ssl" to the
> key, but as far as I can tell this alias isn't actually used or referenced
> anywhere else.
> *Solution:*
> I'm currently dealing with a slightly more complicated TLS setup, so I'm
> attaching a patch which adds an extra config property in order to
> (optionally) specify the key alias. When the option is omitted, the old
> behaviour remains unchanged. Patch modifies the configuration and includes
> updates to the enabling-ssl documentation.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
For additional commands, e-mail: dev-h...@lucene.apache.org
