[jira] [Commented] (SOLR-9304) -Dsolr.ssl.checkPeerName=false ignored on master
[ https://issues.apache.org/jira/browse/SOLR-9304?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16447391#comment-16447391 ]

ASF subversion and git services commented on SOLR-9304:
---

Commit 4e0e8e979b66abdf0778fc0ea86ae5ef5d8f2f91 in lucene-solr's branch refs/heads/master from Chris Hostetter
[ https://git-wip-us.apache.org/repos/asf?p=lucene-solr.git;h=4e0e8e9 ]

SOLR-9304: Fix Solr's HTTP handling to respect '-Dsolr.ssl.checkPeerName=false' aka SOLR_SSL_CHECK_PEER_NAME

> -Dsolr.ssl.checkPeerName=false ignored on master
>
>
> Key: SOLR-9304
> URL: https://issues.apache.org/jira/browse/SOLR-9304
> Project: Solr
> Issue Type: Bug
> Security Level: Public(Default Security Level. Issues are Public)
> Affects Versions: 7.0
> Reporter: Hoss Man
> Priority: Major
> Attachments: SOLR-9304-uses-deprecated.patch, SOLR-9304.patch, SOLR-9304.patch, SOLR-9304.patch, SOLR-9304.patch, SOLR-9304.patch, SOLR-9304.patch, SOLR-9304.patch
>
>
> {{-Dsolr.ssl.checkPeerName=false}} is completely ignored on master...
> {noformat}
> hossman@tray:~/lucene/dev/solr [master] $ find -name \*.java | xargs grep checkPeerName
> ./solrj/src/java/org/apache/solr/client/solrj/impl/HttpClientUtil.java: public static final String SYS_PROP_CHECK_PEER_NAME = "solr.ssl.checkPeerName";
> hossman@tray:~/lucene/dev/solr [master] $ find -name \*.java | xargs grep SYS_PROP_CHECK_PEER_NAME
> ./test-framework/src/java/org/apache/solr/util/SSLTestConfig.java: boolean sslCheckPeerName = toBooleanDefaultIfNull(toBooleanObject(System.getProperty(HttpClientUtil.SYS_PROP_CHECK_PEER_NAME)), true);
> ./solrj/src/java/org/apache/solr/client/solrj/impl/HttpClientUtil.java: public static final String SYS_PROP_CHECK_PEER_NAME = "solr.ssl.checkPeerName";
> {noformat}

--
This message was sent by Atlassian JIRA (v7.6.3#76005)

To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
For additional commands, e-mail: dev-h...@lucene.apache.org

[jira] [Commented] (SOLR-9304) -Dsolr.ssl.checkPeerName=false ignored on master
[ https://issues.apache.org/jira/browse/SOLR-9304?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16447390#comment-16447390 ]

ASF subversion and git services commented on SOLR-9304:
---

Commit 2dffe4ed59e6bf7230b9d1a363bc208182afa5a6 in lucene-solr's branch refs/heads/branch_7x from Chris Hostetter
[ https://git-wip-us.apache.org/repos/asf?p=lucene-solr.git;h=2dffe4e ]

SOLR-9304: Fix Solr's HTTP handling to respect '-Dsolr.ssl.checkPeerName=false' aka SOLR_SSL_CHECK_PEER_NAME

(cherry picked from commit 4e0e8e979b66abdf0778fc0ea86ae5ef5d8f2f91)

[jira] [Commented] (SOLR-9304) -Dsolr.ssl.checkPeerName=false ignored on master
[ https://issues.apache.org/jira/browse/SOLR-9304?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16445401#comment-16445401 ]

Lucene/Solr QA commented on SOLR-9304:
--

| (x) *-1 overall* |

|| Vote || Subsystem || Runtime || Comment ||
|| || || || Prechecks ||
| +1 | test4tests | 0m 0s | The patch appears to include 2 new or modified test files. |
|| || || || master Compile Tests ||
| +1 | compile | 2m 8s | master passed |
|| || || || Patch Compile Tests ||
| +1 | compile | 2m 5s | the patch passed |
| +1 | javac | 2m 5s | the patch passed |
| +1 | Release audit (RAT) | 1m 47s | the patch passed |
| +1 | Check forbidden APIs | 1m 33s | the patch passed |
| +1 | Validate source patterns | 1m 33s | the patch passed |
| +1 | Validate ref guide | 1m 34s | the patch passed |
|| || || || Other Tests ||
| -1 | unit | 60m 15s | core in the patch failed. |
| +1 | unit | 5m 4s | solrj in the patch passed. |
| +1 | unit | 0m 46s | test-framework in the patch passed. |
| | | 73m 56s | |

|| Reason || Tests ||
| Failed junit tests | solr.cloud.autoscaling.IndexSizeTriggerTest |

|| Subsystem || Report/Notes ||
| JIRA Issue | SOLR-9304 |
| JIRA Patch URL | https://issues.apache.org/jira/secure/attachment/12919899/SOLR-9304.patch |
| Optional Tests | validatesourcepatterns compile javac unit ratsources checkforbiddenapis validaterefguide |
| uname | Linux lucene1-us-west 3.13.0-88-generic #135-Ubuntu SMP Wed Jun 8 21:10:42 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux |
| Build tool | ant |
| Personality | /home/jenkins/jenkins-slave/workspace/PreCommit-SOLR-Build/sourcedir/dev-tools/test-patch/lucene-solr-yetus-personality.sh |
| git revision | master / 5ef43e9 |
| ant | version: Apache Ant(TM) version 1.9.3 compiled on April 8 2014 |
| Default Java | 1.8.0_152 |
| unit | https://builds.apache.org/job/PreCommit-SOLR-Build/62/artifact/out/patch-unit-solr_core.txt |
| Test Results | https://builds.apache.org/job/PreCommit-SOLR-Build/62/testReport/ |
| modules | C: solr solr/core solr/solrj solr/solr-ref-guide solr/test-framework U: solr |
| Console output | https://builds.apache.org/job/PreCommit-SOLR-Build/62/console |
| Powered by | Apache Yetus 0.7.0 http://yetus.apache.org |

This message was automatically generated.

[jira] [Commented] (SOLR-9304) -Dsolr.ssl.checkPeerName=false ignored on master
[ https://issues.apache.org/jira/browse/SOLR-9304?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16444834#comment-16444834 ]

Hoss Man commented on SOLR-9304:

patch updated to:
* include commented out {{SOLR_SSL_CHECK_PEER_NAME}} in {{solr.in.sh}} and {{solr.in.cmd}}
* update both those files as well as {{enabling-ssl.adoc}} to be consistent in their list of settings and comments about those settings

[jira] [Commented] (SOLR-9304) -Dsolr.ssl.checkPeerName=false ignored on master
[ https://issues.apache.org/jira/browse/SOLR-9304?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16444395#comment-16444395 ]

Hoss Man commented on SOLR-9304:

I think the fix approach in this patch looks correct, although 2 related things bother me regarding the testing of this issue...

# the only tests added are reflection based inspection of the final SchemaRegistery -- which not only means they'll be brittle if/when we upgrade commons-http, but it also means that we're not actually testing that {{checkPeerNames==false}} does what we say it does. We assert that {{HttpClientUtil.getSchemaRegisteryProvider().getSchemaRegistry().lookup("https")}} is a {{ConnectionSocketFactory}} that uses {{NoopHostnameVerifier}}, but that doesn't prove that invalid hostnames will be ignored when that property is set. (Somewhere down the road either the solr code or the http-commons could be refactored so that that code is irrelevant)
# It makes no sense that {{SSLTestConfig}} is checking the value of {{System.getProperty(HttpClientUtil.SYS_PROP_CHECK_PEER_NAME)}} -- this completely predates this patch, and as far as I can tell is a blatant bug introduced by SOLR-4509 as part of that refactoring, but we should address it here. The behavior of all our SSL testing should be deterministic regardless of what env/sys-props the user has set.

I'm about to attach an updated version of the patch with some improvements to address these concerns...

* minor refactoring to HttpClientUtilTest to reduce duplication
* re-add {{create-keystores.sh}}
** this is the script that creates the keystore our SSL testing uses, and it appears that i removed this in SOLR-10791
** it really should have been moved to {{solr/test-framework/src/resources/}} prior to that (when the original keystore location was copied/moved).
* improve {{create-keystores.sh}} so that it generates 2 different keystores:
** (the existing) keystore that uses "localhost" and the loopback IP
** another (new) keystore that uses bogus hostname/ip combo that should fail peer name validation on any machine.
* Add an option to {{SSLTestConfig}} to make peer name validation configurable, and pick the keystore to use based on that choice.
** When SSLTestConfig's {{checkPeerName=true}}, the config will use the existing "localhost" keystore
** if it's {{checkPeerName=false}} the (new) keystore containing the bogus hostname/ip combo will be used to ensure that all the SSL client code truly is ignoring the peer name in the cert.
* Change {{SSLTestConfig}} so that by default it does *NOT* do peer name validation
** this is technically a change in the default testing behavior, but in my opinion a minor one since in the past it was only ever validating "localhost"
** if anything it now means less false negatives if someone has "localhost" configured improperly on their machine.
*** we could potentially randomize this as part of that {{@RandomizeSSL}} annotation -- i personally don't see a lot of value in doing that, but i'm open to it if other people feel strongly.
* Add 2 new tests to TestMiniSolrCloudClusterSSL:
** one that ensures an {{SSLTestConfig}} with {{checkPeerName=true}} is usable and works and clients can talk to the servers
** one that "tests the test" to ensure that if {{checkPeerName=false}} and the servers are using our "bogus hostname cert" that a client who trusts that cert, but has set {{HttpClientUtil.SYS_PROP_CHECK_PEER_NAME=true}} will get an {{SSLException}} if it tries to talk to those servers.

I'm still doing some manual testing, but feedback appreciated.

Please note that because of the new (binary) keystore files, the patch was generated with {{git diff --staged --binary}}. You should be able to use {{git apply}} just fine, but other patch based tools may not be happy with it.

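The "tests the test" idea from the comment above, reduced to plain JSSE as an added example (not code from the SOLR-9304 patch or from Solr): a loopback server presents a certificate issued for a bogus name, and a client that trusts that certificate attempts the handshake once with the peer name check on and once with it off. The class and method names, the throwaway password, the names `not-localhost.invalid` and `192.0.2.1`, and the use of JSSE endpoint identification as a stand-in for HttpClient's hostname verifier are all assumptions; it needs a JDK whose `keytool` is under `java.home`.

```java
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;

/** Added illustration, not Solr code; every name in this class is hypothetical. */
public class PeerNameCheckDemo {
  static final String PW = "demo-only-password"; // constructed throwaway password

  /** Runs the JDK's keytool to create a key pair whose certificate names only a bogus host/IP. */
  static KeyStore bogusKeyStore() throws Exception {
    File f = File.createTempFile("bogus-host", ".p12");
    if (!f.delete()) throw new IOException("cannot clear " + f); // keytool rejects an empty file
    String keytool = System.getProperty("java.home") + File.separator + "bin"
        + File.separator + "keytool";
    Process p = new ProcessBuilder(keytool, "-genkeypair", "-alias", "bogus",
        "-keyalg", "RSA", "-keysize", "2048", "-validity", "1",
        "-dname", "CN=not-localhost.invalid",                 // constructed subject
        "-ext", "SAN=dns:not-localhost.invalid,ip:192.0.2.1", // constructed SANs
        "-storetype", "PKCS12", "-keystore", f.getPath(), "-storepass", PW)
        .inheritIO().start();
    if (p.waitFor() != 0) throw new IllegalStateException("keytool failed");
    KeyStore ks = KeyStore.getInstance("PKCS12");
    try (InputStream in = new FileInputStream(f)) {
      ks.load(in, PW.toCharArray());
    } finally {
      f.delete();
    }
    return ks;
  }

  /** One SSLContext for both sides: the server's key, and a trust store holding only its cert. */
  static SSLContext context(KeyStore keys) throws Exception {
    KeyStore trust = KeyStore.getInstance("PKCS12");
    trust.load(null, null);
    trust.setCertificateEntry("bogus", keys.getCertificate("bogus"));
    KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
    kmf.init(keys, PW.toCharArray());
    TrustManagerFactory tmf =
        TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
    tmf.init(trust);
    SSLContext ctx = SSLContext.getInstance("TLS");
    ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
    return ctx;
  }

  /** Connects to "localhost" and reports whether the TLS handshake completed. */
  static boolean handshakeSucceeds(SSLContext ctx, boolean checkPeerName) throws Exception {
    try (SSLServerSocket server =
             (SSLServerSocket) ctx.getServerSocketFactory().createServerSocket(0)) {
      Thread t = new Thread(() -> {
        try (SSLSocket s = (SSLSocket) server.accept()) {
          s.startHandshake();
        } catch (IOException clientAborted) {
          // expected when the client rejects the certificate
        }
      });
      t.start();
      SSLSocket client =
          (SSLSocket) ctx.getSocketFactory().createSocket("localhost", server.getLocalPort());
      try {
        SSLParameters params = client.getSSLParameters();
        // "HTTPS" makes the trust manager compare the requested host with the cert's SANs.
        params.setEndpointIdentificationAlgorithm(checkPeerName ? "HTTPS" : null);
        client.setSSLParameters(params);
        client.startHandshake();
        return true;
      } catch (SSLException nameMismatch) {
        return false;
      } finally {
        try { client.close(); } catch (IOException ignored) { }
        t.join();
      }
    }
  }

  public static void main(String[] args) throws Exception {
    SSLContext ctx = context(bogusKeyStore());
    System.out.println("peer name check on : handshake ok = " + handshakeSucceeds(ctx, true));
    System.out.println("peer name check off: handshake ok = " + handshakeSucceeds(ctx, false));
  }
}
```

Because the client trusts the certificate in both runs, any difference between the two results comes from the name check alone, which is the property the reflection-based assertion cannot establish.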
[jira] [Commented] (SOLR-9304) -Dsolr.ssl.checkPeerName=false ignored on master
[ https://issues.apache.org/jira/browse/SOLR-9304?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16421152#comment-16421152 ]

Robby Pond commented on SOLR-9304:
--

Thanks for working on this patch. I updated the patch with the changes to both bin/solr and bin/solr.cmd

[jira] [Commented] (SOLR-9304) -Dsolr.ssl.checkPeerName=false ignored on master
[ https://issues.apache.org/jira/browse/SOLR-9304?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16421094#comment-16421094 ]

Carlton Findley commented on SOLR-9304:
---

I found an additional issue when testing this out. To support the bin/solr commandline tool, I had to add some logic there to read environment variables into arguments passed to the JVM. Not sure this is the ideal way to do this but does work.

I have a patch but it is for 7.2.1, not main, so won't post here. But this is the change for linux, similar change needs to be added to solr.cmd. Then the solr.in.sh needs to have the value set.

Added code in bold:

if [ -n "$SOLR_SSL_TRUST_STORE_TYPE" ]; then
SOLR_SSL_OPTS+=" -Djavax.net.ssl.trustStoreType=$SOLR_SSL_TRUST_STORE_TYPE"
fi
fi
*if [ -n "$SOLR_SSL_CHECK_PEER_NAME" ]; then*
*SOLR_SSL_OPTS+=" -Dsolr.ssl.checkPeerName=$SOLR_SSL_CHECK_PEER_NAME"*
*fi*

[jira] [Commented] (SOLR-9304) -Dsolr.ssl.checkPeerName=false ignored on master
[ https://issues.apache.org/jira/browse/SOLR-9304?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16414073#comment-16414073 ]

Carlton Findley commented on SOLR-9304:
---

Thanks for working on this!

[jira] [Commented] (SOLR-9304) -Dsolr.ssl.checkPeerName=false ignored on master
[ https://issues.apache.org/jira/browse/SOLR-9304?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16412421#comment-16412421 ]

Shawn Heisey commented on SOLR-9304:

I screwed up my "git diff". Have to upload it again.

I notice that two methods were removed from the test. It looks like they were unused.

[jira] [Commented] (SOLR-9304) -Dsolr.ssl.checkPeerName=false ignored on master
[ https://issues.apache.org/jira/browse/SOLR-9304?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16412418#comment-16412418 ]

Shawn Heisey commented on SOLR-9304:

I did have to resolve a merge conflict when I applied the patch to master. Didn't look extensively into what was wrong, but I think I got it worked out, the new patch and the old patch are very similar.

I did reorganize the imports in the test class. One of the conflicts was in the imports, so I just deleted the entire conflicting section and let eclipse figure out what imports were needed. :)

[jira] [Commented] (SOLR-9304) -Dsolr.ssl.checkPeerName=false ignored on master
[ https://issues.apache.org/jira/browse/SOLR-9304?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16412409#comment-16412409 ]

Shawn Heisey commented on SOLR-9304:

At first I was worried about the fact that the previous patch was 2K and the new one is 12K ... but after a quick look, I see that most of it is a new test. Always like to see new tests!

I haven't really looked at the test. Something important to do for any test: Run the test without the fix and make sure it fails, then run it again with the fix and make sure it passes.

I'm uploading a slightly modified patch. Instead of defining the socket factory initially and then defining a new socket factory if the check is disabled, it uses an "else" clause so the object is created once either way.

[jira] [Commented] (SOLR-9304) -Dsolr.ssl.checkPeerName=false ignored on master
[ https://issues.apache.org/jira/browse/SOLR-9304?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16288400#comment-16288400 ]

Carlton Findley commented on SOLR-9304:
---

Thanks for the patch!