[jira] [Updated] (SOLR-16679) Fix solr.jetty.ssl.verifyClientHostName logging

Wed, 22 Feb 2023 07:00:14 -0800 


     [ 
https://issues.apache.org/jira/browse/SOLR-16679?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Kevin Risden updated SOLR-16679:
--------------------------------
    Status: Patch Available  (was: Open)

> Fix solr.jetty.ssl.verifyClientHostName logging
> -----------------------------------------------
>
>                 Key: SOLR-16679
>                 URL: https://issues.apache.org/jira/browse/SOLR-16679
>             Project: Solr
>          Issue Type: Task
>      Security Level: Public(Default Security Level. Issues are Public) 
>            Reporter: Kevin Risden
>            Assignee: Kevin Risden
>            Priority: Minor
>
> In  SOLR-16669, [~houston] found in https://github.com/apache/solr/pull/1367
> {quote}Main with #1366 included:
> {code:java}
> 2023-02-22 09:28:49.232 WARN  (main) [] o.e.j.u.s.S.config Trusting all 
> certificates configured for 
> Client@1d901f20[provider=null,keyStore=null,trustStore=null]
> 2023-02-22 09:28:49.233 WARN  (main) [] o.e.j.u.s.S.config No Client 
> EndPointIdentificationAlgorithm configured for 
> Client@1d901f20[provider=null,keyStore=null,trustStore=null]
> 2023-02-22 09:28:49.339 WARN  (main) [] o.e.j.u.s.S.config Trusting all 
> certificates configured for 
> Client@760487aa[provider=null,keyStore=null,trustStore=null]
> 2023-02-22 09:28:49.339 WARN  (main) [] o.e.j.u.s.S.config No Client 
> EndPointIdentificationAlgorithm configured for 
> Client@760487aa[provider=null,keyStore=null,trustStore=null]
> {code}
> Then with this change:
> {code:java}
> 2023-02-22 09:31:12.602 WARN  (main) [] o.e.j.u.s.S.config No Client 
> EndPointIdentificationAlgorithm configured for 
> Client@2c9a6717[provider=null,keyStore=null,trustStore=null]
> 2023-02-22 09:31:12.690 WARN  (main) [] o.e.j.u.s.S.config No Client 
> EndPointIdentificationAlgorithm configured for 
> Client@760487aa[provider=null,keyStore=null,trustStore=null]
> {code}
> That is due to this line:
> {code:java}
> sslContextFactory.setEndpointIdentificationAlgorithm(
>         System.getProperty("solr.jetty.ssl.verifyClientHostName"));
> {code}
> It seems like this stems from 
> https://issues.apache.org/jira/browse/SOLR-14163, so we have the perfect 
> people to discuss this @janhoy & @risdenk ! I'll leave it to y'all if we want 
> to use "HTTPS" as the default. That will make the last 2 warnings go away. We 
> can also deal with this in a different PR/issue if y'all want to, it's pretty 
> unrelated. (I will say the SolrJ tests work with HTTPS as the default for 
> this sysProp, so it will work for users using HTTP){quote}
> We should default to HTTPS if TLS is not enabled. It looks like we disable 
> client hostname verification by default and the setting 
> solr.jetty.ssl.verifyClientHostName only applies if TLS is enabled.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org
For additional commands, e-mail: issues-h...@solr.apache.org

Reply via email to