[
https://issues.apache.org/jira/browse/RANGER-4776?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Peter Turcsanyi reassigned RANGER-4776:
---------------------------------------
Assignee: Peter Turcsanyi
> SolrAuditDestination should use local SSLContext instead of setting the
> system-wide default
> -------------------------------------------------------------------------------------------
>
> Key: RANGER-4776
> URL: https://issues.apache.org/jira/browse/RANGER-4776
> Project: Ranger
> Issue Type: Bug
> Components: audit, plugins
> Reporter: Peter Turcsanyi
> Assignee: Peter Turcsanyi
> Priority: Major
>
> SolrAuditDestination in Ranger Plugin connects to Solr via HTTPS. As part of
> the SSL setup, [SolrAuditDestination overrides the system default
> SSLContext|https://github.com/apache/ranger/blob/f3637ac0bb35b213cfed11e5ffe14d93268bc4fa/agents-audit/src/main/java/org/apache/ranger/audit/destination/SolrAuditDestination.java#L135]
> with Ranger's keystore/truststore.
> It has a side effect that other components in the embedding application
> (within the same JVM) cannot use the original Java system truststore
> (cacerts) by default.
> The Solr HTTP client provides an option to set the SSL context locally (that
> is for the Solr client only) instead of using the system-wide default and
> this would be the preferred way to pass the SSL context in, without affecting
> other components in the JVM.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
