Hello, It looks like InvokeHttp creates an instance of the OkHttp client in the onScheduled method which is called when the processor is started, and when it creates the client it will specify a hostname verifier to always accept whatever the trusted hostname is. So the issue is that if trusted hostname were to support EL from flow file attributes, then you could no longer create the client instance in onScheduled, you would have to lazily create it per flow file with some type of cache from trusted hostname to client instance, making the logic of the processor a bit more complex.
I suspect the expectation was that trusted hostname should be used very sparingly since it is really a bit of a hack to bypass a proper TLS configuration, and so maybe it was not expected that you would need to specify many different trusted hostnames, but I'm only guessing. I think it would be very easy to allow a comma separated list, or possibly a regex. You would just have to modify the hostname verifier here: https://github.com/apache/nifi/blob/master/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/InvokeHTTP.java#L1213-L1230 - Bryan On Tue, Feb 12, 2019 at 10:06 AM ara m. <arama...@gmail.com> wrote: > > In the InvokeHTTP processor, the Remote URL property supports Expression > Language but the Trusted Hostname does not. I can't use any form of stars, > *.*.my.expected.domain.com, and i cant use comma-separated values. > > You can see this is a huge problem as domain name difference will cause > errors when we pass down varying Remote URL's and the Trusted Host stays the > same. For one of them I can use a variable, and the other is stuck. > Why was this implemented this way, was it an oversight? What is the work > around for this? Create custom processor and import all the libs required > for the code? Or modify nifi processor itself and rebuild nifi jars? > What is your recommendation? And thank you ahead of time. > > > > -- > Sent from: http://apache-nifi-users-list.2361937.n4.nabble.com/
