[ https://issues.apache.org/jira/browse/NIFI-2186?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15373381#comment-15373381 ]
Joseph Witt commented on NIFI-2186: ----------------------------------- [~mcgilman] can this be closed? > Cluster communication treats client and server sockets identically for peer > certificate DN extraction > ----------------------------------------------------------------------------------------------------- > > Key: NIFI-2186 > URL: https://issues.apache.org/jira/browse/NIFI-2186 > Project: Apache NiFi > Issue Type: Bug > Components: Core Framework > Affects Versions: 1.0.0 > Reporter: Andy LoPresto > Assignee: Andy LoPresto > Priority: Critical > Labels: certificate, cluster, security, tls > Fix For: 1.0.0 > > > The code to extract the peer certificate DN is identical for client and > server {{SSLSocket}}, which means that servers are subject to the > {{nifi.security.needClientAuth}} setting being set to {{true}}. Server > certificates must be present in a secure connection regardless of this > setting. This was fixed in {{0.x}} in [NIFI-2119] and must be ported to the > {{master}} branch. -- This message was sent by Atlassian JIRA (v6.3.4#6332)