You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@nifi.apache.org by "David Handermann (Jira)" <ji...@apache.org> on 2020/12/15 20:45:00 UTC

[jira] [Created] (NIFI-8096) Deprecate ClientAuth References in SslContextFactory and SSLContextService

David Handermann created NIFI-8096:
--------------------------------------

             Summary: Deprecate ClientAuth References in SslContextFactory and SSLContextService
                 Key: NIFI-8096
                 URL: https://issues.apache.org/jira/browse/NIFI-8096
             Project: Apache NiFi
          Issue Type: Improvement
          Components: Core Framework, Extensions, Security
    Affects Versions: 1.12.1
            Reporter: David Handermann
            Assignee: David Handermann


{{SslContextFactory}} in nifi-security-utils and {{SSLContextService}} in nifi-ssl-context-service-api include methods for creating an {{SSLContext}} based on a {{ClientAuth}} parameter. The {{SslContextFactory.initializeSSLContext()}} method calls {{setNeedClientAuth}} or {{setWantClientAuth}} on the default {{SSLParameters}} object according to the {{ClientAuth}} value provided.

The default {{SSLParameters}} object returned from {{SSLContext.getDefaultSSLParameters()}} is a new copy for each invocation, which means that the value of {{ClientAuth}} passed to {{SslContextFactory}} does not influence whether client certificates will be required or requested. For this reason, the methods on {{SslContetFactory}} and {{SSLContextService}} that accept a ClientAuth parameter should be deprecated and references to these methods should be refactored.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)