Kevin Risden created SOLR-16679:
-----------------------------------

             Summary: Fix solr.jetty.ssl.verifyClientHostName logging
                 Key: SOLR-16679
                 URL: https://issues.apache.org/jira/browse/SOLR-16679
             Project: Solr
          Issue Type: Task
      Security Level: Public (Default Security Level. Issues are Public)
            Reporter: Kevin Risden
            Assignee: Kevin Risden

In SOLR-16669, [~houston] found in https://github.com/apache/solr/pull/1367

{quote}
Main with #1366 included:
{code:java}
2023-02-22 09:28:49.232 WARN (main) [] o.e.j.u.s.S.config Trusting all certificates configured for Client@1d901f20[provider=null,keyStore=null,trustStore=null]
2023-02-22 09:28:49.233 WARN (main) [] o.e.j.u.s.S.config No Client EndPointIdentificationAlgorithm configured for Client@1d901f20[provider=null,keyStore=null,trustStore=null]
2023-02-22 09:28:49.339 WARN (main) [] o.e.j.u.s.S.config Trusting all certificates configured for Client@760487aa[provider=null,keyStore=null,trustStore=null]
2023-02-22 09:28:49.339 WARN (main) [] o.e.j.u.s.S.config No Client EndPointIdentificationAlgorithm configured for Client@760487aa[provider=null,keyStore=null,trustStore=null]
{code}
Then with this change:
{code:java}
2023-02-22 09:31:12.602 WARN (main) [] o.e.j.u.s.S.config No Client EndPointIdentificationAlgorithm configured for Client@2c9a6717[provider=null,keyStore=null,trustStore=null]
2023-02-22 09:31:12.690 WARN (main) [] o.e.j.u.s.S.config No Client EndPointIdentificationAlgorithm configured for Client@760487aa[provider=null,keyStore=null,trustStore=null]
{code}
That is due to this line:
{code:java}
sslContextFactory.setEndpointIdentificationAlgorithm(
    System.getProperty("solr.jetty.ssl.verifyClientHostName"));
{code}
It seems like this stems from https://issues.apache.org/jira/browse/SOLR-14163, so we have the perfect people to discuss this @janhoy & @risdenk! I'll leave it to y'all if we want to use "HTTPS" as the default. That will make the last 2 warnings go away. We can also deal with this in a different PR/issue if y'all want to, it's pretty unrelated.

(I will say the SolrJ tests work with HTTPS as the default for this sysProp, so it will work for users using HTTP)
{quote}

We should default to HTTPS if TLS is not enabled.

It looks like we disable client hostname verification by default and the setting solr.jetty.ssl.verifyClientHostName only applies if TLS is enabled.

--
This message was sent by Atlassian Jira (v8.20.10#820010)
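
A startup-log check for the two Jetty warnings quoted in the issue, as an added example that is not part of the issue or of Solr's code. The function and constant names are hypothetical, and the sample lines are copied from the log excerpts above.

```python
import re
from collections import defaultdict

# The two Jetty SslContextFactory warnings from the issue, mapped to finding names.
WARNINGS = {
    "Trusting all certificates configured for": "trust_all",
    "No Client EndPointIdentificationAlgorithm configured for": "no_hostname_verification",
}

# Solr log layout as shown in the issue: timestamp, level, thread, logger, message.
LINE_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{3} WARN .*?o\.e\.j\.u\.s\.S\.config "
    r"(?P<msg>.+?) (?P<client>Client@[0-9a-f]+)\["
)

# Log excerpts copied from the issue: main with #1366, then with the PR's change.
BEFORE_LOG = """\
2023-02-22 09:28:49.232 WARN (main) [] o.e.j.u.s.S.config Trusting all certificates configured for Client@1d901f20[provider=null,keyStore=null,trustStore=null]
2023-02-22 09:28:49.233 WARN (main) [] o.e.j.u.s.S.config No Client EndPointIdentificationAlgorithm configured for Client@1d901f20[provider=null,keyStore=null,trustStore=null]
2023-02-22 09:28:49.339 WARN (main) [] o.e.j.u.s.S.config Trusting all certificates configured for Client@760487aa[provider=null,keyStore=null,trustStore=null]
2023-02-22 09:28:49.339 WARN (main) [] o.e.j.u.s.S.config No Client EndPointIdentificationAlgorithm configured for Client@760487aa[provider=null,keyStore=null,trustStore=null]
"""
AFTER_LOG = """\
2023-02-22 09:31:12.602 WARN (main) [] o.e.j.u.s.S.config No Client EndPointIdentificationAlgorithm configured for Client@2c9a6717[provider=null,keyStore=null,trustStore=null]
2023-02-22 09:31:12.690 WARN (main) [] o.e.j.u.s.S.config No Client EndPointIdentificationAlgorithm configured for Client@760487aa[provider=null,keyStore=null,trustStore=null]
"""


def audit_tls_warnings(log_text):
    """Return {client id: set of finding names} for Jetty client TLS warnings."""
    findings = defaultdict(set)
    for line in log_text.splitlines():
        match = LINE_RE.match(line.strip())
        if not match:
            continue  # not a Jetty SslContextFactory config warning
        name = WARNINGS.get(match.group("msg"))
        if name:
            findings[match.group("client")].add(name)
    return dict(findings)


if __name__ == "__main__":
    for label, log in (("before", BEFORE_LOG), ("after", AFTER_LOG)):
        for client, found in sorted(audit_tls_warnings(log).items()):
            print(label, client, sorted(found))
```

An empty result for a startup log means neither warning was emitted for any client instance.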