[jira] [Updated] (NIFI-6561) Certificate compatibility broken for JDK8 build running on JRE11
[
https://issues.apache.org/jira/browse/NIFI-6561?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Jeff Storck updated NIFI-6561:
--
Issue Type: Sub-task (was: Improvement)
Parent: NIFI-5174
> Certificate compatibility broken for JDK8 build running on JRE11
>
>
> Key: NIFI-6561
> URL: https://issues.apache.org/jira/browse/NIFI-6561
> Project: Apache NiFi
> Issue Type: Sub-task
> Components: Security
>Affects Versions: 1.10.0
>Reporter: Nathan Gough
>Priority: Major
> Labels: Java11, certificate, tls
>
> When testing Java 11 build compatibility, I found an issue with TLS
> certificates when using a remote process group looped back to an input port
> on the same cluster. The same certificates were used for JDK8/JRE8,
> JDK8/JRE11, JDK11/JRE11 ie. they contained relevant SAN entries in each case.
> *Building on JDK 1.8.0_172 and run on JRE11.0.5+10 caused exceptions when
> attempting to send to local input port with RPG*:
> {code:java}
> 2019-08-13 18:17:07,946 WARN [Http Site-to-Site PeerSelector]
> o.apache.nifi.remote.client.PeerSelector Could not communicate with
> natog0.com:9551 to determine which nodes exist in the remote NiFi cluster,
> due to javax.net.ssl.SSLPeerUnverifiedException: Certificate for
> doesn't match any of the subject alternative names: [natog1.com]
> 2019-08-13 18:17:07,946 WARN [Http Site-to-Site PeerSelector]
> o.apache.nifi.remote.client.PeerSelector
> org.apache.nifi.remote.client.PeerSelector@6d5e02f8 Unable to refresh Remote
> Group's peers due to Unable to communicate with remote NiFi cluster in order
> to determine which nodes exist in the remote cluster{code}
> But did not see this error on the matching builds (JDK8/JRE8, JDK11/JRE11).
--
This message was sent by Atlassian JIRA
(v7.6.14#76016)
[jira] [Updated] (NIFI-6561) Certificate compatibility broken for JDK8 build running on JRE11
[
https://issues.apache.org/jira/browse/NIFI-6561?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Jeff Storck updated NIFI-6561:
--
Labels: Java11 certificate tls (was: certificate tls)
> Certificate compatibility broken for JDK8 build running on JRE11
>
>
> Key: NIFI-6561
> URL: https://issues.apache.org/jira/browse/NIFI-6561
> Project: Apache NiFi
> Issue Type: Improvement
> Components: Security
>Affects Versions: 1.10.0
>Reporter: Nathan Gough
>Priority: Major
> Labels: Java11, certificate, tls
>
> When testing Java 11 build compatibility, I found an issue with TLS
> certificates when using a remote process group looped back to an input port
> on the same cluster. The same certificates were used for JDK8/JRE8,
> JDK8/JRE11, JDK11/JRE11 ie. they contained relevant SAN entries in each case.
> *Building on JDK 1.8.0_172 and run on JRE11.0.5+10 caused exceptions when
> attempting to send to local input port with RPG*:
> {code:java}
> 2019-08-13 18:17:07,946 WARN [Http Site-to-Site PeerSelector]
> o.apache.nifi.remote.client.PeerSelector Could not communicate with
> natog0.com:9551 to determine which nodes exist in the remote NiFi cluster,
> due to javax.net.ssl.SSLPeerUnverifiedException: Certificate for
> doesn't match any of the subject alternative names: [natog1.com]
> 2019-08-13 18:17:07,946 WARN [Http Site-to-Site PeerSelector]
> o.apache.nifi.remote.client.PeerSelector
> org.apache.nifi.remote.client.PeerSelector@6d5e02f8 Unable to refresh Remote
> Group's peers due to Unable to communicate with remote NiFi cluster in order
> to determine which nodes exist in the remote cluster{code}
> But did not see this error on the matching builds (JDK8/JRE8, JDK11/JRE11).
--
This message was sent by Atlassian JIRA
(v7.6.14#76016)
[jira] [Updated] (NIFI-6561) Certificate compatibility broken for JDK8 build running on JRE11
[
https://issues.apache.org/jira/browse/NIFI-6561?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Nathan Gough updated NIFI-6561:
---
Description:
When testing Java 11 build compatibility, I found an issue with TLS
certificates when using a remote process group looped back to an input port on
the same cluster. The same certificates were used for JDK8/JRE8, JDK8/JRE11,
JDK11/JRE11 ie. they contained relevant SAN entries in each case.
*Building on JDK 1.8.0_172 and run on JRE11.0.5+10 caused exceptions when
attempting to send to local input port with RPG*:
{noformat}
2019-08-13 18:17:07,946 WARN [Http Site-to-Site PeerSelector]
o.apache.nifi.remote.client.PeerSelector Could not communicate with
natog0.com:9551 to determine which nodes exist in the remote NiFi cluster, due
to javax.net.ssl.SSLPeerUnverifiedException: Certificate for
doesn't match any of the subject alternative names: [natog1.com]
2019-08-13 18:17:07,946 WARN [Http Site-to-Site PeerSelector]
o.apache.nifi.remote.client.PeerSelector
org.apache.nifi.remote.client.PeerSelector@6d5e02f8 Unable to refresh Remote
Group's peers due to Unable to communicate with remote NiFi cluster in order to
determine which nodes exist in the remote cluster{noformat}
But did not see this error on the matching builds (JDK8/JRE8, JDK11/JRE11).
was:
When testing Java 11 build compatibility, I found an issue with TLS
certificates when using a remote process group looped back to an input port on
the same cluster. The same certificates were used for JDK8/JRE8, JDK8/JRE11,
JDK11/JRE11 ie. they contained relevant SAN entries in each case.
*Building on JDK 1.8.0_172 and run on JRE11.0.5+10 caused exceptions when
attempting to send to local input port with RPG*:
{code:java}
2019-08-13 18:17:07,946 WARN [Http Site-to-Site PeerSelector]
o.apache.nifi.remote.client.PeerSelector Could not communicate with
natog0.com:9551 to determine which nodes exist in the remote NiFi cluster, due
to javax.net.ssl.SSLPeerUnverifiedException: Certificate for
doesn't match any of the subject alternative names: [natog1.com] 2019-08-13
18:17:07,946 WARN [Http Site-to-Site PeerSelector]
o.apache.nifi.remote.client.PeerSelector
org.apache.nifi.remote.client.PeerSelector@6d5e02f8 Unable to refresh Remote
Group's peers due to Unable to communicate with remote NiFi cluster in order to
determine which nodes exist in the remote cluster{code}
But did not see this error on the matching builds (JDK8/JRE8, JDK11/JRE11).
> Certificate compatibility broken for JDK8 build running on JRE11
>
>
> Key: NIFI-6561
> URL: https://issues.apache.org/jira/browse/NIFI-6561
> Project: Apache NiFi
> Issue Type: Improvement
> Components: Security
>Affects Versions: 1.10.0
>Reporter: Nathan Gough
>Priority: Major
> Labels: certificate, tls
>
> When testing Java 11 build compatibility, I found an issue with TLS
> certificates when using a remote process group looped back to an input port
> on the same cluster. The same certificates were used for JDK8/JRE8,
> JDK8/JRE11, JDK11/JRE11 ie. they contained relevant SAN entries in each case.
> *Building on JDK 1.8.0_172 and run on JRE11.0.5+10 caused exceptions when
> attempting to send to local input port with RPG*:
> {noformat}
> 2019-08-13 18:17:07,946 WARN [Http Site-to-Site PeerSelector]
> o.apache.nifi.remote.client.PeerSelector Could not communicate with
> natog0.com:9551 to determine which nodes exist in the remote NiFi cluster,
> due to javax.net.ssl.SSLPeerUnverifiedException: Certificate for
> doesn't match any of the subject alternative names: [natog1.com]
> 2019-08-13 18:17:07,946 WARN [Http Site-to-Site PeerSelector]
> o.apache.nifi.remote.client.PeerSelector
> org.apache.nifi.remote.client.PeerSelector@6d5e02f8 Unable to refresh Remote
> Group's peers due to Unable to communicate with remote NiFi cluster in order
> to determine which nodes exist in the remote cluster{noformat}
> But did not see this error on the matching builds (JDK8/JRE8, JDK11/JRE11).
--
This message was sent by Atlassian JIRA
(v7.6.14#76016)
[jira] [Updated] (NIFI-6561) Certificate compatibility broken for JDK8 build running on JRE11
[
https://issues.apache.org/jira/browse/NIFI-6561?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Nathan Gough updated NIFI-6561:
---
Description:
When testing Java 11 build compatibility, I found an issue with TLS
certificates when using a remote process group looped back to an input port on
the same cluster. The same certificates were used for JDK8/JRE8, JDK8/JRE11,
JDK11/JRE11 ie. they contained relevant SAN entries in each case.
*Building on JDK 1.8.0_172 and run on JRE11.0.5+10 caused exceptions when
attempting to send to local input port with RPG*:
{code:java}
2019-08-13 18:17:07,946 WARN [Http Site-to-Site PeerSelector]
o.apache.nifi.remote.client.PeerSelector Could not communicate with
natog0.com:9551 to determine which nodes exist in the remote NiFi cluster, due
to javax.net.ssl.SSLPeerUnverifiedException: Certificate for
doesn't match any of the subject alternative names: [natog1.com] 2019-08-13
18:17:07,946 WARN [Http Site-to-Site PeerSelector]
o.apache.nifi.remote.client.PeerSelector
org.apache.nifi.remote.client.PeerSelector@6d5e02f8 Unable to refresh Remote
Group's peers due to Unable to communicate with remote NiFi cluster in order to
determine which nodes exist in the remote cluster{code}
But did not see this error on the matching builds (JDK8/JRE8, JDK11/JRE11).
was:
When testing Java 11 build compatibility, I found an issue with TLS
certificates when using a remote process group looped back to an input port on
the same cluster. The same certificates were used for JDK8/JRE8, JDK8/JRE11,
JDK11/JRE11 ie. they contained relevant SAN entries in each case.
*Building on JDK 1.8.0_172 and run on JRE11.0.5+10 caused exceptions when
attempting to send to local input port with RPG*:
{{}}
{code:java}
2019-08-13 18:17:07,946 WARN [Http Site-to-Site PeerSelector]
o.apache.nifi.remote.client.PeerSelector Could not communicate with
natog0.com:9551 to determine which nodes exist in the remote NiFi cluster, due
to javax.net.ssl.SSLPeerUnverifiedException: Certificate for
doesn't match any of the subject alternative names: [natog1.com] 2019-08-13
18:17:07,946 WARN [Http Site-to-Site PeerSelector]
o.apache.nifi.remote.client.PeerSelector
org.apache.nifi.remote.client.PeerSelector@6d5e02f8 Unable to refresh Remote
Group's peers due to Unable to communicate with remote NiFi cluster in order to
determine which nodes exist in the remote cluster{code}
But did not see this error on the matching builds (JDK8/JRE8, JDK11/JRE11).
> Certificate compatibility broken for JDK8 build running on JRE11
>
>
> Key: NIFI-6561
> URL: https://issues.apache.org/jira/browse/NIFI-6561
> Project: Apache NiFi
> Issue Type: Improvement
> Components: Security
>Affects Versions: 1.10.0
>Reporter: Nathan Gough
>Priority: Major
> Labels: certificate, tls
>
> When testing Java 11 build compatibility, I found an issue with TLS
> certificates when using a remote process group looped back to an input port
> on the same cluster. The same certificates were used for JDK8/JRE8,
> JDK8/JRE11, JDK11/JRE11 ie. they contained relevant SAN entries in each case.
> *Building on JDK 1.8.0_172 and run on JRE11.0.5+10 caused exceptions when
> attempting to send to local input port with RPG*:
> {code:java}
> 2019-08-13 18:17:07,946 WARN [Http Site-to-Site PeerSelector]
> o.apache.nifi.remote.client.PeerSelector Could not communicate with
> natog0.com:9551 to determine which nodes exist in the remote NiFi cluster,
> due to javax.net.ssl.SSLPeerUnverifiedException: Certificate for
> doesn't match any of the subject alternative names: [natog1.com] 2019-08-13
> 18:17:07,946 WARN [Http Site-to-Site PeerSelector]
> o.apache.nifi.remote.client.PeerSelector
> org.apache.nifi.remote.client.PeerSelector@6d5e02f8 Unable to refresh Remote
> Group's peers due to Unable to communicate with remote NiFi cluster in order
> to determine which nodes exist in the remote cluster{code}
> But did not see this error on the matching builds (JDK8/JRE8, JDK11/JRE11).
--
This message was sent by Atlassian JIRA
(v7.6.14#76016)
[jira] [Updated] (NIFI-6561) Certificate compatibility broken for JDK8 build running on JRE11
[
https://issues.apache.org/jira/browse/NIFI-6561?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Nathan Gough updated NIFI-6561:
---
Description:
When testing Java 11 build compatibility, I found an issue with TLS
certificates when using a remote process group looped back to an input port on
the same cluster. The same certificates were used for JDK8/JRE8, JDK8/JRE11,
JDK11/JRE11 ie. they contained relevant SAN entries in each case.
*Building on JDK 1.8.0_172 and run on JRE11.0.5+10 caused exceptions when
attempting to send to local input port with RPG*:
{code:java}
2019-08-13 18:17:07,946 WARN [Http Site-to-Site PeerSelector]
o.apache.nifi.remote.client.PeerSelector Could not communicate with
natog0.com:9551 to determine which nodes exist in the remote NiFi cluster, due
to javax.net.ssl.SSLPeerUnverifiedException: Certificate for
doesn't match any of the subject alternative names: [natog1.com]
2019-08-13 18:17:07,946 WARN [Http Site-to-Site PeerSelector]
o.apache.nifi.remote.client.PeerSelector
org.apache.nifi.remote.client.PeerSelector@6d5e02f8 Unable to refresh Remote
Group's peers due to Unable to communicate with remote NiFi cluster in order to
determine which nodes exist in the remote cluster{code}
But did not see this error on the matching builds (JDK8/JRE8, JDK11/JRE11).
was:
When testing Java 11 build compatibility, I found an issue with TLS
certificates when using a remote process group looped back to an input port on
the same cluster. The same certificates were used for JDK8/JRE8, JDK8/JRE11,
JDK11/JRE11 ie. they contained relevant SAN entries in each case.
*Building on JDK 1.8.0_172 and run on JRE11.0.5+10 caused exceptions when
attempting to send to local input port with RPG*:
{noformat}
2019-08-13 18:17:07,946 WARN [Http Site-to-Site PeerSelector]
o.apache.nifi.remote.client.PeerSelector Could not communicate with
natog0.com:9551 to determine which nodes exist in the remote NiFi cluster, due
to javax.net.ssl.SSLPeerUnverifiedException: Certificate for
doesn't match any of the subject alternative names: [natog1.com]
2019-08-13 18:17:07,946 WARN [Http Site-to-Site PeerSelector]
o.apache.nifi.remote.client.PeerSelector
org.apache.nifi.remote.client.PeerSelector@6d5e02f8 Unable to refresh Remote
Group's peers due to Unable to communicate with remote NiFi cluster in order to
determine which nodes exist in the remote cluster{noformat}
But did not see this error on the matching builds (JDK8/JRE8, JDK11/JRE11).
> Certificate compatibility broken for JDK8 build running on JRE11
>
>
> Key: NIFI-6561
> URL: https://issues.apache.org/jira/browse/NIFI-6561
> Project: Apache NiFi
> Issue Type: Improvement
> Components: Security
>Affects Versions: 1.10.0
>Reporter: Nathan Gough
>Priority: Major
> Labels: certificate, tls
>
> When testing Java 11 build compatibility, I found an issue with TLS
> certificates when using a remote process group looped back to an input port
> on the same cluster. The same certificates were used for JDK8/JRE8,
> JDK8/JRE11, JDK11/JRE11 ie. they contained relevant SAN entries in each case.
> *Building on JDK 1.8.0_172 and run on JRE11.0.5+10 caused exceptions when
> attempting to send to local input port with RPG*:
> {code:java}
> 2019-08-13 18:17:07,946 WARN [Http Site-to-Site PeerSelector]
> o.apache.nifi.remote.client.PeerSelector Could not communicate with
> natog0.com:9551 to determine which nodes exist in the remote NiFi cluster,
> due to javax.net.ssl.SSLPeerUnverifiedException: Certificate for
> doesn't match any of the subject alternative names: [natog1.com]
> 2019-08-13 18:17:07,946 WARN [Http Site-to-Site PeerSelector]
> o.apache.nifi.remote.client.PeerSelector
> org.apache.nifi.remote.client.PeerSelector@6d5e02f8 Unable to refresh Remote
> Group's peers due to Unable to communicate with remote NiFi cluster in order
> to determine which nodes exist in the remote cluster{code}
> But did not see this error on the matching builds (JDK8/JRE8, JDK11/JRE11).
--
This message was sent by Atlassian JIRA
(v7.6.14#76016)
[jira] [Updated] (NIFI-6561) Certificate compatibility broken for JDK8 build running on JRE11
[
https://issues.apache.org/jira/browse/NIFI-6561?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Nathan Gough updated NIFI-6561:
---
External issue URL: (was: https://issues.apache.org/jira/browse/NIFI-5174)
> Certificate compatibility broken for JDK8 build running on JRE11
>
>
> Key: NIFI-6561
> URL: https://issues.apache.org/jira/browse/NIFI-6561
> Project: Apache NiFi
> Issue Type: Improvement
> Components: Security
>Affects Versions: 1.10.0
>Reporter: Nathan Gough
>Priority: Major
> Labels: certificate, tls
>
> When testing Java 11 build compatibility, I found an issue with TLS
> certificates when using a remote process group looped back to an input port
> on the same cluster. The same certificates were used for JDK8/JRE8,
> JDK8/JRE11, JDK11/JRE11 ie. they contained relevant SAN entries in each case.
> *Building on JDK 1.8.0_172 and run on JRE11.0.5+10 caused exceptions when
> attempting to send to local input port with RPG*:
> {{}}
> {code:java}
> 2019-08-13 18:17:07,946 WARN [Http Site-to-Site PeerSelector]
> o.apache.nifi.remote.client.PeerSelector Could not communicate with
> natog0.com:9551 to determine which nodes exist in the remote NiFi cluster,
> due to javax.net.ssl.SSLPeerUnverifiedException: Certificate for
> doesn't match any of the subject alternative names: [natog1.com] 2019-08-13
> 18:17:07,946 WARN [Http Site-to-Site PeerSelector]
> o.apache.nifi.remote.client.PeerSelector
> org.apache.nifi.remote.client.PeerSelector@6d5e02f8 Unable to refresh Remote
> Group's peers due to Unable to communicate with remote NiFi cluster in order
> to determine which nodes exist in the remote cluster{code}
> But did not see this error on the matching builds (JDK8/JRE8, JDK11/JRE11).
--
This message was sent by Atlassian JIRA
(v7.6.14#76016)
