[
https://issues.apache.org/jira/browse/KNOX-1346?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16505670#comment-16505670
]
ASF subversion and git services commented on KNOX-1346:
-------------------------------------------------------
Commit 611569d120f6d5c43d04faeab111daf54a4ff892 in knox's branch
refs/heads/master from [~lmccay]
[ https://git-wip-us.apache.org/repos/asf?p=knox.git;h=611569d ]
KNOX-1346 - SNI Mismatch Failures due to Wrong Host Header
> SNI Mismatch Failures due to Wrong Host Header
> ----------------------------------------------
>
> Key: KNOX-1346
> URL: https://issues.apache.org/jira/browse/KNOX-1346
> Project: Apache Knox
> Issue Type: Bug
> Components: Server
> Reporter: Larry McCay
> Assignee: Larry McCay
> Priority: Major
> Fix For: 1.1.0
>
>
> It has come to my attention that proxying various services is failing when
> access to the backend service is over TLS due to an SNI Mismatch. This is due
> to the Host header not matching the Server Name Indicator (SNI).
> We have been doing a combination of excluding the Host header from being
> dispatched to some services while sending a Host header that was what the
> client used to call Knox gateway. Both of these conditions are violations of
> the SNI rules. I think that recent Jetty upgrades may have introduced
> enforcement of these rules where it didn't exist previously.
> This change changes the Host header to be the host of the targetUrl within
> the UrlRewriteRequest. This should always be correct.
> It will also remove the recent update to the the AtlasHaDispatch to allow the
> Host header to be sent again in order to avoid issues with it missing.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
