[jira] [Updated] (NIFI-6561) Certificate compatibility broken for JDK8 build running on JRE11
[ https://issues.apache.org/jira/browse/NIFI-6561?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jeff Storck updated NIFI-6561: -- Issue Type: Sub-task (was: Improvement) Parent: NIFI-5174 > Certificate compatibility broken for JDK8 build running on JRE11 > > > Key: NIFI-6561 > URL: https://issues.apache.org/jira/browse/NIFI-6561 > Project: Apache NiFi > Issue Type: Sub-task > Components: Security >Affects Versions: 1.10.0 >Reporter: Nathan Gough >Priority: Major > Labels: Java11, certificate, tls > > When testing Java 11 build compatibility, I found an issue with TLS > certificates when using a remote process group looped back to an input port > on the same cluster. The same certificates were used for JDK8/JRE8, > JDK8/JRE11, JDK11/JRE11 ie. they contained relevant SAN entries in each case. > *Building on JDK 1.8.0_172 and run on JRE11.0.5+10 caused exceptions when > attempting to send to local input port with RPG*: > {code:java} > 2019-08-13 18:17:07,946 WARN [Http Site-to-Site PeerSelector] > o.apache.nifi.remote.client.PeerSelector Could not communicate with > natog0.com:9551 to determine which nodes exist in the remote NiFi cluster, > due to javax.net.ssl.SSLPeerUnverifiedException: Certificate for > doesn't match any of the subject alternative names: [natog1.com] > 2019-08-13 18:17:07,946 WARN [Http Site-to-Site PeerSelector] > o.apache.nifi.remote.client.PeerSelector > org.apache.nifi.remote.client.PeerSelector@6d5e02f8 Unable to refresh Remote > Group's peers due to Unable to communicate with remote NiFi cluster in order > to determine which nodes exist in the remote cluster{code} > But did not see this error on the matching builds (JDK8/JRE8, JDK11/JRE11). -- This message was sent by Atlassian JIRA (v7.6.14#76016)
[jira] [Updated] (NIFI-6561) Certificate compatibility broken for JDK8 build running on JRE11
[ https://issues.apache.org/jira/browse/NIFI-6561?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jeff Storck updated NIFI-6561: -- Labels: Java11 certificate tls (was: certificate tls) > Certificate compatibility broken for JDK8 build running on JRE11 > > > Key: NIFI-6561 > URL: https://issues.apache.org/jira/browse/NIFI-6561 > Project: Apache NiFi > Issue Type: Improvement > Components: Security >Affects Versions: 1.10.0 >Reporter: Nathan Gough >Priority: Major > Labels: Java11, certificate, tls > > When testing Java 11 build compatibility, I found an issue with TLS > certificates when using a remote process group looped back to an input port > on the same cluster. The same certificates were used for JDK8/JRE8, > JDK8/JRE11, JDK11/JRE11 ie. they contained relevant SAN entries in each case. > *Building on JDK 1.8.0_172 and run on JRE11.0.5+10 caused exceptions when > attempting to send to local input port with RPG*: > {code:java} > 2019-08-13 18:17:07,946 WARN [Http Site-to-Site PeerSelector] > o.apache.nifi.remote.client.PeerSelector Could not communicate with > natog0.com:9551 to determine which nodes exist in the remote NiFi cluster, > due to javax.net.ssl.SSLPeerUnverifiedException: Certificate for > doesn't match any of the subject alternative names: [natog1.com] > 2019-08-13 18:17:07,946 WARN [Http Site-to-Site PeerSelector] > o.apache.nifi.remote.client.PeerSelector > org.apache.nifi.remote.client.PeerSelector@6d5e02f8 Unable to refresh Remote > Group's peers due to Unable to communicate with remote NiFi cluster in order > to determine which nodes exist in the remote cluster{code} > But did not see this error on the matching builds (JDK8/JRE8, JDK11/JRE11). -- This message was sent by Atlassian JIRA (v7.6.14#76016)
[jira] [Updated] (NIFI-6561) Certificate compatibility broken for JDK8 build running on JRE11
[ https://issues.apache.org/jira/browse/NIFI-6561?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Nathan Gough updated NIFI-6561: --- Description: When testing Java 11 build compatibility, I found an issue with TLS certificates when using a remote process group looped back to an input port on the same cluster. The same certificates were used for JDK8/JRE8, JDK8/JRE11, JDK11/JRE11 ie. they contained relevant SAN entries in each case. *Building on JDK 1.8.0_172 and run on JRE11.0.5+10 caused exceptions when attempting to send to local input port with RPG*: {noformat} 2019-08-13 18:17:07,946 WARN [Http Site-to-Site PeerSelector] o.apache.nifi.remote.client.PeerSelector Could not communicate with natog0.com:9551 to determine which nodes exist in the remote NiFi cluster, due to javax.net.ssl.SSLPeerUnverifiedException: Certificate for doesn't match any of the subject alternative names: [natog1.com] 2019-08-13 18:17:07,946 WARN [Http Site-to-Site PeerSelector] o.apache.nifi.remote.client.PeerSelector org.apache.nifi.remote.client.PeerSelector@6d5e02f8 Unable to refresh Remote Group's peers due to Unable to communicate with remote NiFi cluster in order to determine which nodes exist in the remote cluster{noformat} But did not see this error on the matching builds (JDK8/JRE8, JDK11/JRE11). was: When testing Java 11 build compatibility, I found an issue with TLS certificates when using a remote process group looped back to an input port on the same cluster. The same certificates were used for JDK8/JRE8, JDK8/JRE11, JDK11/JRE11 ie. they contained relevant SAN entries in each case. *Building on JDK 1.8.0_172 and run on JRE11.0.5+10 caused exceptions when attempting to send to local input port with RPG*: {code:java} 2019-08-13 18:17:07,946 WARN [Http Site-to-Site PeerSelector] o.apache.nifi.remote.client.PeerSelector Could not communicate with natog0.com:9551 to determine which nodes exist in the remote NiFi cluster, due to javax.net.ssl.SSLPeerUnverifiedException: Certificate for doesn't match any of the subject alternative names: [natog1.com] 2019-08-13 18:17:07,946 WARN [Http Site-to-Site PeerSelector] o.apache.nifi.remote.client.PeerSelector org.apache.nifi.remote.client.PeerSelector@6d5e02f8 Unable to refresh Remote Group's peers due to Unable to communicate with remote NiFi cluster in order to determine which nodes exist in the remote cluster{code} But did not see this error on the matching builds (JDK8/JRE8, JDK11/JRE11). > Certificate compatibility broken for JDK8 build running on JRE11 > > > Key: NIFI-6561 > URL: https://issues.apache.org/jira/browse/NIFI-6561 > Project: Apache NiFi > Issue Type: Improvement > Components: Security >Affects Versions: 1.10.0 >Reporter: Nathan Gough >Priority: Major > Labels: certificate, tls > > When testing Java 11 build compatibility, I found an issue with TLS > certificates when using a remote process group looped back to an input port > on the same cluster. The same certificates were used for JDK8/JRE8, > JDK8/JRE11, JDK11/JRE11 ie. they contained relevant SAN entries in each case. > *Building on JDK 1.8.0_172 and run on JRE11.0.5+10 caused exceptions when > attempting to send to local input port with RPG*: > {noformat} > 2019-08-13 18:17:07,946 WARN [Http Site-to-Site PeerSelector] > o.apache.nifi.remote.client.PeerSelector Could not communicate with > natog0.com:9551 to determine which nodes exist in the remote NiFi cluster, > due to javax.net.ssl.SSLPeerUnverifiedException: Certificate for > doesn't match any of the subject alternative names: [natog1.com] > 2019-08-13 18:17:07,946 WARN [Http Site-to-Site PeerSelector] > o.apache.nifi.remote.client.PeerSelector > org.apache.nifi.remote.client.PeerSelector@6d5e02f8 Unable to refresh Remote > Group's peers due to Unable to communicate with remote NiFi cluster in order > to determine which nodes exist in the remote cluster{noformat} > But did not see this error on the matching builds (JDK8/JRE8, JDK11/JRE11). -- This message was sent by Atlassian JIRA (v7.6.14#76016)
[jira] [Updated] (NIFI-6561) Certificate compatibility broken for JDK8 build running on JRE11
[ https://issues.apache.org/jira/browse/NIFI-6561?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Nathan Gough updated NIFI-6561: --- Description: When testing Java 11 build compatibility, I found an issue with TLS certificates when using a remote process group looped back to an input port on the same cluster. The same certificates were used for JDK8/JRE8, JDK8/JRE11, JDK11/JRE11 ie. they contained relevant SAN entries in each case. *Building on JDK 1.8.0_172 and run on JRE11.0.5+10 caused exceptions when attempting to send to local input port with RPG*: {code:java} 2019-08-13 18:17:07,946 WARN [Http Site-to-Site PeerSelector] o.apache.nifi.remote.client.PeerSelector Could not communicate with natog0.com:9551 to determine which nodes exist in the remote NiFi cluster, due to javax.net.ssl.SSLPeerUnverifiedException: Certificate for doesn't match any of the subject alternative names: [natog1.com] 2019-08-13 18:17:07,946 WARN [Http Site-to-Site PeerSelector] o.apache.nifi.remote.client.PeerSelector org.apache.nifi.remote.client.PeerSelector@6d5e02f8 Unable to refresh Remote Group's peers due to Unable to communicate with remote NiFi cluster in order to determine which nodes exist in the remote cluster{code} But did not see this error on the matching builds (JDK8/JRE8, JDK11/JRE11). was: When testing Java 11 build compatibility, I found an issue with TLS certificates when using a remote process group looped back to an input port on the same cluster. The same certificates were used for JDK8/JRE8, JDK8/JRE11, JDK11/JRE11 ie. they contained relevant SAN entries in each case. *Building on JDK 1.8.0_172 and run on JRE11.0.5+10 caused exceptions when attempting to send to local input port with RPG*: {{}} {code:java} 2019-08-13 18:17:07,946 WARN [Http Site-to-Site PeerSelector] o.apache.nifi.remote.client.PeerSelector Could not communicate with natog0.com:9551 to determine which nodes exist in the remote NiFi cluster, due to javax.net.ssl.SSLPeerUnverifiedException: Certificate for doesn't match any of the subject alternative names: [natog1.com] 2019-08-13 18:17:07,946 WARN [Http Site-to-Site PeerSelector] o.apache.nifi.remote.client.PeerSelector org.apache.nifi.remote.client.PeerSelector@6d5e02f8 Unable to refresh Remote Group's peers due to Unable to communicate with remote NiFi cluster in order to determine which nodes exist in the remote cluster{code} But did not see this error on the matching builds (JDK8/JRE8, JDK11/JRE11). > Certificate compatibility broken for JDK8 build running on JRE11 > > > Key: NIFI-6561 > URL: https://issues.apache.org/jira/browse/NIFI-6561 > Project: Apache NiFi > Issue Type: Improvement > Components: Security >Affects Versions: 1.10.0 >Reporter: Nathan Gough >Priority: Major > Labels: certificate, tls > > When testing Java 11 build compatibility, I found an issue with TLS > certificates when using a remote process group looped back to an input port > on the same cluster. The same certificates were used for JDK8/JRE8, > JDK8/JRE11, JDK11/JRE11 ie. they contained relevant SAN entries in each case. > *Building on JDK 1.8.0_172 and run on JRE11.0.5+10 caused exceptions when > attempting to send to local input port with RPG*: > {code:java} > 2019-08-13 18:17:07,946 WARN [Http Site-to-Site PeerSelector] > o.apache.nifi.remote.client.PeerSelector Could not communicate with > natog0.com:9551 to determine which nodes exist in the remote NiFi cluster, > due to javax.net.ssl.SSLPeerUnverifiedException: Certificate for > doesn't match any of the subject alternative names: [natog1.com] 2019-08-13 > 18:17:07,946 WARN [Http Site-to-Site PeerSelector] > o.apache.nifi.remote.client.PeerSelector > org.apache.nifi.remote.client.PeerSelector@6d5e02f8 Unable to refresh Remote > Group's peers due to Unable to communicate with remote NiFi cluster in order > to determine which nodes exist in the remote cluster{code} > But did not see this error on the matching builds (JDK8/JRE8, JDK11/JRE11). -- This message was sent by Atlassian JIRA (v7.6.14#76016)
[jira] [Updated] (NIFI-6561) Certificate compatibility broken for JDK8 build running on JRE11
[ https://issues.apache.org/jira/browse/NIFI-6561?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Nathan Gough updated NIFI-6561: --- Description: When testing Java 11 build compatibility, I found an issue with TLS certificates when using a remote process group looped back to an input port on the same cluster. The same certificates were used for JDK8/JRE8, JDK8/JRE11, JDK11/JRE11 ie. they contained relevant SAN entries in each case. *Building on JDK 1.8.0_172 and run on JRE11.0.5+10 caused exceptions when attempting to send to local input port with RPG*: {code:java} 2019-08-13 18:17:07,946 WARN [Http Site-to-Site PeerSelector] o.apache.nifi.remote.client.PeerSelector Could not communicate with natog0.com:9551 to determine which nodes exist in the remote NiFi cluster, due to javax.net.ssl.SSLPeerUnverifiedException: Certificate for doesn't match any of the subject alternative names: [natog1.com] 2019-08-13 18:17:07,946 WARN [Http Site-to-Site PeerSelector] o.apache.nifi.remote.client.PeerSelector org.apache.nifi.remote.client.PeerSelector@6d5e02f8 Unable to refresh Remote Group's peers due to Unable to communicate with remote NiFi cluster in order to determine which nodes exist in the remote cluster{code} But did not see this error on the matching builds (JDK8/JRE8, JDK11/JRE11). was: When testing Java 11 build compatibility, I found an issue with TLS certificates when using a remote process group looped back to an input port on the same cluster. The same certificates were used for JDK8/JRE8, JDK8/JRE11, JDK11/JRE11 ie. they contained relevant SAN entries in each case. *Building on JDK 1.8.0_172 and run on JRE11.0.5+10 caused exceptions when attempting to send to local input port with RPG*: {noformat} 2019-08-13 18:17:07,946 WARN [Http Site-to-Site PeerSelector] o.apache.nifi.remote.client.PeerSelector Could not communicate with natog0.com:9551 to determine which nodes exist in the remote NiFi cluster, due to javax.net.ssl.SSLPeerUnverifiedException: Certificate for doesn't match any of the subject alternative names: [natog1.com] 2019-08-13 18:17:07,946 WARN [Http Site-to-Site PeerSelector] o.apache.nifi.remote.client.PeerSelector org.apache.nifi.remote.client.PeerSelector@6d5e02f8 Unable to refresh Remote Group's peers due to Unable to communicate with remote NiFi cluster in order to determine which nodes exist in the remote cluster{noformat} But did not see this error on the matching builds (JDK8/JRE8, JDK11/JRE11). > Certificate compatibility broken for JDK8 build running on JRE11 > > > Key: NIFI-6561 > URL: https://issues.apache.org/jira/browse/NIFI-6561 > Project: Apache NiFi > Issue Type: Improvement > Components: Security >Affects Versions: 1.10.0 >Reporter: Nathan Gough >Priority: Major > Labels: certificate, tls > > When testing Java 11 build compatibility, I found an issue with TLS > certificates when using a remote process group looped back to an input port > on the same cluster. The same certificates were used for JDK8/JRE8, > JDK8/JRE11, JDK11/JRE11 ie. they contained relevant SAN entries in each case. > *Building on JDK 1.8.0_172 and run on JRE11.0.5+10 caused exceptions when > attempting to send to local input port with RPG*: > {code:java} > 2019-08-13 18:17:07,946 WARN [Http Site-to-Site PeerSelector] > o.apache.nifi.remote.client.PeerSelector Could not communicate with > natog0.com:9551 to determine which nodes exist in the remote NiFi cluster, > due to javax.net.ssl.SSLPeerUnverifiedException: Certificate for > doesn't match any of the subject alternative names: [natog1.com] > 2019-08-13 18:17:07,946 WARN [Http Site-to-Site PeerSelector] > o.apache.nifi.remote.client.PeerSelector > org.apache.nifi.remote.client.PeerSelector@6d5e02f8 Unable to refresh Remote > Group's peers due to Unable to communicate with remote NiFi cluster in order > to determine which nodes exist in the remote cluster{code} > But did not see this error on the matching builds (JDK8/JRE8, JDK11/JRE11). -- This message was sent by Atlassian JIRA (v7.6.14#76016)
[jira] [Updated] (NIFI-6561) Certificate compatibility broken for JDK8 build running on JRE11
[ https://issues.apache.org/jira/browse/NIFI-6561?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Nathan Gough updated NIFI-6561: --- External issue URL: (was: https://issues.apache.org/jira/browse/NIFI-5174) > Certificate compatibility broken for JDK8 build running on JRE11 > > > Key: NIFI-6561 > URL: https://issues.apache.org/jira/browse/NIFI-6561 > Project: Apache NiFi > Issue Type: Improvement > Components: Security >Affects Versions: 1.10.0 >Reporter: Nathan Gough >Priority: Major > Labels: certificate, tls > > When testing Java 11 build compatibility, I found an issue with TLS > certificates when using a remote process group looped back to an input port > on the same cluster. The same certificates were used for JDK8/JRE8, > JDK8/JRE11, JDK11/JRE11 ie. they contained relevant SAN entries in each case. > *Building on JDK 1.8.0_172 and run on JRE11.0.5+10 caused exceptions when > attempting to send to local input port with RPG*: > {{}} > {code:java} > 2019-08-13 18:17:07,946 WARN [Http Site-to-Site PeerSelector] > o.apache.nifi.remote.client.PeerSelector Could not communicate with > natog0.com:9551 to determine which nodes exist in the remote NiFi cluster, > due to javax.net.ssl.SSLPeerUnverifiedException: Certificate for > doesn't match any of the subject alternative names: [natog1.com] 2019-08-13 > 18:17:07,946 WARN [Http Site-to-Site PeerSelector] > o.apache.nifi.remote.client.PeerSelector > org.apache.nifi.remote.client.PeerSelector@6d5e02f8 Unable to refresh Remote > Group's peers due to Unable to communicate with remote NiFi cluster in order > to determine which nodes exist in the remote cluster{code} > But did not see this error on the matching builds (JDK8/JRE8, JDK11/JRE11). -- This message was sent by Atlassian JIRA (v7.6.14#76016)