[ https://issues.apache.org/jira/browse/NIFI-4274?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Pierre Villard resolved NIFI-4274. ---------------------------------- Resolution: Fixed Fix Version/s: 1.4.0 > SSLContextService keystore and truststore location property descriptors > incorrectly attempt to evaluate EL > ---------------------------------------------------------------------------------------------------------- > > Key: NIFI-4274 > URL: https://issues.apache.org/jira/browse/NIFI-4274 > Project: Apache NiFi > Issue Type: Bug > Components: Core Framework > Affects Versions: 1.3.0 > Reporter: Andy LoPresto > Assignee: Andy LoPresto > Labels: expression-language, security, tls, truststore > Fix For: 1.4.0 > > > As reported on [Stack Overflow|https://stackoverflow.com/q/45561985/70465], > the {{StandardSSLContextService}} truststore location property descriptor > would not evaluate an environment variable containing the location of the > truststore file. The reporter said that by adding a space prior to the EL > expression, it would evaluate, but result in an invalid path because it > started with a space. > Bryan Bende pointed out that this field does not support Expression Language. > While I could not reproduce this behavior, I did verify using a remote > debugger that while the field does not support EL, the [custom file validator > incorrectly attempts to evaluate > EL|https://github.com/apache/nifi/blob/master/nifi-nar-bundles/nifi-standard-services/nifi-ssl-context-bundle/nifi-ssl-context-service/src/main/java/org/apache/nifi/ssl/StandardSSLContextService.java#L183-L183], > which is counter-indicated by the documentation and will cause issues. This > line follows immediately after comments explaining the existence of the > custom validator is because the default evaluates EL, which is not desired > here. > While personally, I do not believe these fields should support EL (security > risk of the sensitive location being changed outside of NiFi with no > visibility), the documentation and actual behavior should at least agree. > The custom validator should not evaluate EL. Follow on discussion on this > ticket or the mailing list may lead to new requirements to handle EL, but > this can be implemented correctly and consistently at such time. -- This message was sent by Atlassian JIRA (v6.4.14#64029)