You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@nifi.apache.org by "Andy LoPresto (JIRA)" <ji...@apache.org> on 2016/07/06 18:59:11 UTC
[jira] [Updated] (NIFI-2186) Cluster communication treats client
and server sockets identically for peer certificate DN extraction
[ https://issues.apache.org/jira/browse/NIFI-2186?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Andy LoPresto updated NIFI-2186:
--------------------------------
Description: The code to extract the peer certificate DN is identical for client and server {{SSLSocket}}, which means that servers are subject to the {{nifi.security.needClientAuth}} setting being set to {{true}}. Server certificates must be present in a secure connection regardless of this setting. This was fixed in {{0.x}} in [NIFI-2119] and must be ported to the {{master}} branch. (was: The code to extract the peer certificate DN is identical for client and server {{SSLSocket}}s, which means that servers are subject to the {{nifi.security.needClientAuth}} setting being set to {{true}}. Server certificates must be present in a secure connection regardless of this setting. This was fixed in {{0.x}} in [NIFI-2119] and must be ported to the {{master}} branch. )
> Cluster communication treats client and server sockets identically for peer certificate DN extraction
> -----------------------------------------------------------------------------------------------------
>
> Key: NIFI-2186
> URL: https://issues.apache.org/jira/browse/NIFI-2186
> Project: Apache NiFi
> Issue Type: Bug
> Components: Core Framework
> Affects Versions: 1.0.0
> Reporter: Andy LoPresto
> Assignee: Andy LoPresto
> Priority: Critical
> Labels: certificate, cluster, security, tls
> Fix For: 1.0.0
>
>
> The code to extract the peer certificate DN is identical for client and server {{SSLSocket}}, which means that servers are subject to the {{nifi.security.needClientAuth}} setting being set to {{true}}. Server certificates must be present in a secure connection regardless of this setting. This was fixed in {{0.x}} in [NIFI-2119] and must be ported to the {{master}} branch.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)