You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@nifi.apache.org by GitBox <gi...@apache.org> on 2020/02/05 07:34:06 UTC
[GitHub] [nifi] natural opened a new pull request #4040: NIFI-6927 Fixes SSL
socket factory for ES on JDK9
natural opened a new pull request #4040: NIFI-6927 Fixes SSL socket factory for ES on JDK9
URL: https://github.com/apache/nifi/pull/4040
#### Description of PR
_Fixes bug NIFI-6927, Fixes bug NIFI-6930._
The code in this change-set provides a new way of initializing the HTTP client within the ES processors, allowing it to run on JDK9.
In order to streamline the review of the contribution we ask you
to ensure the following steps have been taken:
### For all changes:
- [X] Is there a JIRA ticket associated with this PR? Is it referenced
in the commit message?
- [X] Does your PR title start with **NIFI-XXXX** where XXXX is the JIRA number you are trying to resolve? Pay particular attention to the hyphen "-" character.
- [X] Has your PR been rebased against the latest commit within the target branch (typically `master`)?
- [X] Is your initial contribution a single, squashed commit? _Additional commits in response to PR reviewer feedback should be made on this branch and pushed to allow change tracking. Do not `squash` or use `--force` when pushing to allow for clean monitoring of changes._
### For code changes:
- [X] Have you ensured that the full suite of tests is executed via `mvn -Pcontrib-check clean install` at the root `nifi` folder?
- [X] Have you written or updated unit tests to verify your changes?
- [X] Have you verified that the full build is successful on both JDK 8 and JDK 11?
- [ ] If adding new dependencies to the code, are these dependencies licensed in a way that is compatible for inclusion under [ASF 2.0](http://www.apache.org/legal/resolved.html#category-a)?
- [ ] If applicable, have you updated the `LICENSE` file, including the main `LICENSE` file under `nifi-assembly`?
- [ ] If applicable, have you updated the `NOTICE` file, including the main `NOTICE` file found under `nifi-assembly`?
- [ ] If adding new Properties, have you added `.displayName` in addition to .name (programmatic access) for each of the new properties?
### For documentation related changes:
- [ ] Have you ensured that format looks appropriate for the output in which it is rendered?
### Note:
Please ensure that once the PR is submitted, you check travis-ci for build issues and submit an update to your PR as soon as possible.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
[GitHub] [nifi] alopresto commented on issue #4040: NIFI-6927 Fixes SSL
socket factory for ES on JDK9
Posted by GitBox <gi...@apache.org>.
alopresto commented on issue #4040: NIFI-6927 Fixes SSL socket factory for ES on JDK9
URL: https://github.com/apache/nifi/pull/4040#issuecomment-582587652
Thanks for submitting this. Do we know why OkHttp can't just use the existing trust factory? At first glance, this looks like code that we have in other locations in the codebase to craft this object.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
[GitHub] [nifi] natural commented on issue #4040: NIFI-6927 Fixes SSL socket
factory for ES on JDK9
Posted by GitBox <gi...@apache.org>.
natural commented on issue #4040: NIFI-6927 Fixes SSL socket factory for ES on JDK9
URL: https://github.com/apache/nifi/pull/4040#issuecomment-583144774
I think you're right. I'll refactor those bits.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
[GitHub] [nifi] alopresto commented on issue #4040: NIFI-6927 Fixes SSL
socket factory for ES on JDK9
Posted by GitBox <gi...@apache.org>.
alopresto commented on issue #4040: NIFI-6927 Fixes SSL socket factory for ES on JDK9
URL: https://github.com/apache/nifi/pull/4040#issuecomment-583075052
It looks like we have similar/identical code for constructing these objects in [`OkHttpReplicationClient`](https://github.com/apache/nifi/blob/master/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-cluster/src/main/java/org/apache/nifi/cluster/coordination/http/replication/okhttp/OkHttpReplicationClient.java#L357) and [`InvokeHttp`](https://github.com/apache/nifi/blob/master/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/InvokeHTTP.java#L692) among others. I think as this is becoming a common need, we should provide a utility method to wrap this logic and provide it in a class like [`KeyStoreUtils`](https://github.com/apache/nifi/blob/master/nifi-commons/nifi-security-utils/src/main/java/org/apache/nifi/security/util/KeyStoreUtils.java#L33) in `nifi-security-utils` module.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
[GitHub] [nifi] natural commented on issue #4040: NIFI-6927 Fixes SSL socket
factory for ES on JDK9
Posted by GitBox <gi...@apache.org>.
natural commented on issue #4040: NIFI-6927 Fixes SSL socket factory for ES on JDK9
URL: https://github.com/apache/nifi/pull/4040#issuecomment-583004240
OkHttp suggests we rely on the system trust factory, per the docs: https://square.github.io/okhttp/4.x/okhttp/okhttp3/-ok-http-client/-builder/ssl-socket-factory/
For our uses in this processor, I'm not sure there is another way to supply the trust store certs from the SSL context service to the HTTP client. Do you know of any, or do you think there's a better approach?
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
[GitHub] [nifi] natural closed pull request #4040: NIFI-6927 Fixes SSL
socket factory for ES on JDK9
Posted by GitBox <gi...@apache.org>.
natural closed pull request #4040: NIFI-6927 Fixes SSL socket factory for ES on JDK9
URL: https://github.com/apache/nifi/pull/4040
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services