[jira] [Commented] (SOLR-16679) Fix solr.jetty.ssl.verifyClientHostName logging

Mon, 27 Feb 2023 09:03:07 -0800 


    [ 
https://issues.apache.org/jira/browse/SOLR-16679?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17694091#comment-17694091
 ] 

ASF subversion and git services commented on SOLR-16679:
--------------------------------------------------------

Commit a004cde01e58cf4b94257d450ac3293a7aaca362 in solr's branch 
refs/heads/branch_9x from Kevin Risden
[ https://gitbox.apache.org/repos/asf?p=solr.git;h=a004cde01e5 ]

SOLR-16679: Fix solr.jetty.ssl.verifyClientHostName logging (#1376)



> Fix solr.jetty.ssl.verifyClientHostName logging
> -----------------------------------------------
>
>                 Key: SOLR-16679
>                 URL: https://issues.apache.org/jira/browse/SOLR-16679
>             Project: Solr
>          Issue Type: Task
>            Reporter: Kevin Risden
>            Assignee: Kevin Risden
>            Priority: Minor
>             Fix For: main (10.0)
>
>          Time Spent: 40m
>  Remaining Estimate: 0h
>
> In  SOLR-16669, [~houston] found in https://github.com/apache/solr/pull/1367
> {quote}Main with #1366 included:
> {code:java}
> 2023-02-22 09:28:49.232 WARN  (main) [] o.e.j.u.s.S.config Trusting all 
> certificates configured for 
> Client@1d901f20[provider=null,keyStore=null,trustStore=null]
> 2023-02-22 09:28:49.233 WARN  (main) [] o.e.j.u.s.S.config No Client 
> EndPointIdentificationAlgorithm configured for 
> Client@1d901f20[provider=null,keyStore=null,trustStore=null]
> 2023-02-22 09:28:49.339 WARN  (main) [] o.e.j.u.s.S.config Trusting all 
> certificates configured for 
> Client@760487aa[provider=null,keyStore=null,trustStore=null]
> 2023-02-22 09:28:49.339 WARN  (main) [] o.e.j.u.s.S.config No Client 
> EndPointIdentificationAlgorithm configured for 
> Client@760487aa[provider=null,keyStore=null,trustStore=null]
> {code}
> Then with this change:
> {code:java}
> 2023-02-22 09:31:12.602 WARN  (main) [] o.e.j.u.s.S.config No Client 
> EndPointIdentificationAlgorithm configured for 
> Client@2c9a6717[provider=null,keyStore=null,trustStore=null]
> 2023-02-22 09:31:12.690 WARN  (main) [] o.e.j.u.s.S.config No Client 
> EndPointIdentificationAlgorithm configured for 
> Client@760487aa[provider=null,keyStore=null,trustStore=null]
> {code}
> That is due to this line:
> {code:java}
> sslContextFactory.setEndpointIdentificationAlgorithm(
>         System.getProperty("solr.jetty.ssl.verifyClientHostName"));
> {code}
> It seems like this stems from 
> https://issues.apache.org/jira/browse/SOLR-14163, so we have the perfect 
> people to discuss this @janhoy & @risdenk ! I'll leave it to y'all if we want 
> to use "HTTPS" as the default. That will make the last 2 warnings go away. We 
> can also deal with this in a different PR/issue if y'all want to, it's pretty 
> unrelated. (I will say the SolrJ tests work with HTTPS as the default for 
> this sysProp, so it will work for users using HTTP){quote}
> We should default to HTTPS if TLS is not enabled. It looks like we disable 
> client hostname verification by default and the setting 
> solr.jetty.ssl.verifyClientHostName only applies if TLS is enabled.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org
For additional commands, e-mail: issues-h...@solr.apache.org

Reply via email to