You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@nifi.apache.org by "Andy LoPresto (JIRA)" <ji...@apache.org> on 2016/07/06 18:59:11 UTC

[jira] [Updated] (NIFI-2186) Cluster communication treats client and server sockets identically for peer certificate DN extraction

     [ https://issues.apache.org/jira/browse/NIFI-2186?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Andy LoPresto updated NIFI-2186:
--------------------------------
    Description: The code to extract the peer certificate DN is identical for client and server {{SSLSocket}}, which means that servers are subject to the {{nifi.security.needClientAuth}} setting being set to {{true}}. Server certificates must be present in a secure connection regardless of this setting. This was fixed in {{0.x}} in [NIFI-2119] and must be ported to the {{master}} branch.    (was: The code to extract the peer certificate DN is identical for client and server {{SSLSocket}}s, which means that servers are subject to the {{nifi.security.needClientAuth}} setting being set to {{true}}. Server certificates must be present in a secure connection regardless of this setting. This was fixed in {{0.x}} in [NIFI-2119] and must be ported to the {{master}} branch.  )

> Cluster communication treats client and server sockets identically for peer certificate DN extraction
> -----------------------------------------------------------------------------------------------------
>
>                 Key: NIFI-2186
>                 URL: https://issues.apache.org/jira/browse/NIFI-2186
>             Project: Apache NiFi
>          Issue Type: Bug
>          Components: Core Framework
>    Affects Versions: 1.0.0
>            Reporter: Andy LoPresto
>            Assignee: Andy LoPresto
>            Priority: Critical
>              Labels: certificate, cluster, security, tls
>             Fix For: 1.0.0
>
>
> The code to extract the peer certificate DN is identical for client and server {{SSLSocket}}, which means that servers are subject to the {{nifi.security.needClientAuth}} setting being set to {{true}}. Server certificates must be present in a secure connection regardless of this setting. This was fixed in {{0.x}} in [NIFI-2119] and must be ported to the {{master}} branch.  



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)