You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@lucene.apache.org by "Steve Davids (JIRA)" <ji...@apache.org> on 2014/03/16 03:28:46 UTC
[jira] [Commented] (SOLR-5868) HttpClient should be configured to
use ALLOW_ALL_HOSTNAME hostname verifier to simplify SSL setup
[ https://issues.apache.org/jira/browse/SOLR-5868?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13936381#comment-13936381 ]
Steve Davids commented on SOLR-5868:
------------------------------------
In the current HttpClientUtil paradigm this can be achieved by retrieving the url scheme and setting the hostname verifier on the SSLSocketFactory: https://gist.github.com/sdavids13/9577027
If the HTTPClientBuilder approach is introduced (SOLR-5604) then it can be simply done via:
{code}
HttpClientBuilder.create().useSystemProperties().setHostnameVerifier(new AllowAllHostnameVerifier())...;
{code}
> HttpClient should be configured to use ALLOW_ALL_HOSTNAME hostname verifier to simplify SSL setup
> -------------------------------------------------------------------------------------------------
>
> Key: SOLR-5868
> URL: https://issues.apache.org/jira/browse/SOLR-5868
> Project: Solr
> Issue Type: Improvement
> Affects Versions: 4.7
> Reporter: Steve Davids
> Fix For: 4.8
>
>
> The default HttpClient hostname verifier is the BROWSER_COMPATIBLE_HOSTNAME_VERIFIER which verifies the hostname that is being connected to matches the hostname presented within the certificate. This is meant to protect clients that are making external requests out across the internet, but requests within the the SOLR cluster should be trusted and can be relaxed to simplify the SSL/certificate setup process.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@lucene.apache.org
For additional commands, e-mail: dev-help@lucene.apache.org