Github user markap14 commented on a diff in the pull request:
https://github.com/apache/nifi/pull/3109#discussion_r228206921
--- Diff:
nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/main/java/org/apache/nifi/controller/queue/clustered/server/StandardLoadBalanceProtocol.java
---
@@ -130,17 +130,14 @@ public void receiveFlowFiles(final Socket socket)
throws IOException {
final Set<String> certIdentities;
try {
certIdentities = getCertificateIdentities(sslSession);
-
- final String dn =
CertificateUtils.extractPeerDNFromSSLSocket(socket);
- peerDescription = CertificateUtils.extractUsername(dn);
} catch (final CertificateException e) {
throw new IOException("Failed to extract Client
Certificate", e);
}
logger.debug("Connection received from peer {}. Will perform
authorization against Client Identities '{}'",
peerDescription, certIdentities);
- authorizer.authorize(certIdentities);
+ peerDescription = authorizer.authorize(certIdentities);
--- End diff --
Wow, good catch, thanks! I wondered "How did I miss that?" but it turns out
that the system I tested it on was different than the system that I first
noticed the problem on. On the system I used to test, they ended up being the
same value :) Will push a new commit. At this point, we don't even need
'nodeName', just peerDescription.
---
