You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@nifi.apache.org by "Kevin Doran (JIRA)" <ji...@apache.org> on 2017/05/08 15:55:04 UTC
[jira] [Updated] (MINIFI-303) MiNiFi nifi.security.need.ClientAuth
property not working when set to false
[ https://issues.apache.org/jira/browse/MINIFI-303?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Kevin Doran updated MINIFI-303:
-------------------------------
Description:
The property {{nifi.security.need.ClientAuth=false}} has no effect (ie, the application will operate as if {{nifi.security.need.ClientAuth=true}}
Steps to reproduce:
In conf/minifi.properties, set:
{noformat}
nifi.security.need.ClientAuth=false
{noformat}
At runtime, observe in minifi-app.log.txt:
{noformat}
[2017-05-08 11:21] [minifi log] [error] Certificate and Private Key PEM file
not configured, error: Undefined error: 0.
{noformat}
At a quick glance, it looks like this is a bug in the logic in nifi-minifi-cpp/libminifi/src/io/tls/TLSSocket.cpp. In that file, back tracing from the error string, it appears the conditional that gates loading the Certificate and Private Key PEM file properties is incorrect when nifi.security.need.ClientAuth=false.
Should be a simple fix, and it's not clear to me if there is even any functionality impact, ie, its possible that trying and failing to authenticate the client results in the same end state as not trying to authenticate the client (aside from the confusing error message).
was:
The property {{nifi.security.need.ClientAuth=false}} has no effect (ie, the application will operate as if {{nifi.security.need.ClientAuth=true}}
Steps to reproduce:
In {{conf/minifi.properties}}, set:
{noformat}
nifi.security.need.ClientAuth=false
{noformat}
At runtime, observe in {{minifi-app.log.txt}}:
{noformat}
[2017-05-08 11:21] [minifi log] [error] Certificate and Private Key PEM file
not configured, error: Undefined error: 0.
{noformat}
At a quick glance, it looks like this is a bug in the logic in {{nifi-minifi-cpp/libminifi/src/io/tls/TLSSocket.cpp}}. In that file, back tracing from the error string, it appears the conditional that gates loading the Certificate and Private Key PEM file properties is incorrect when {{nifi.security.need.ClientAuth=false}}.
Should be a simple fix, and it's not clear to me if there is even any functionality impact, ie, its possible that trying and failing to authenticate the client results in the same end state as not trying to authenticate the client (aside from the confusing error message).
> MiNiFi nifi.security.need.ClientAuth property not working when set to false
> ---------------------------------------------------------------------------
>
> Key: MINIFI-303
> URL: https://issues.apache.org/jira/browse/MINIFI-303
> Project: Apache NiFi MiNiFi
> Issue Type: Bug
> Components: Agent Configuration/Installation, C++
> Reporter: Kevin Doran
> Assignee: Kevin Doran
> Priority: Minor
>
> The property {{nifi.security.need.ClientAuth=false}} has no effect (ie, the application will operate as if {{nifi.security.need.ClientAuth=true}}
> Steps to reproduce:
> In conf/minifi.properties, set:
> {noformat}
> nifi.security.need.ClientAuth=false
> {noformat}
> At runtime, observe in minifi-app.log.txt:
> {noformat}
> [2017-05-08 11:21] [minifi log] [error] Certificate and Private Key PEM file
> not configured, error: Undefined error: 0.
> {noformat}
> At a quick glance, it looks like this is a bug in the logic in nifi-minifi-cpp/libminifi/src/io/tls/TLSSocket.cpp. In that file, back tracing from the error string, it appears the conditional that gates loading the Certificate and Private Key PEM file properties is incorrect when nifi.security.need.ClientAuth=false.
> Should be a simple fix, and it's not clear to me if there is even any functionality impact, ie, its possible that trying and failing to authenticate the client results in the same end state as not trying to authenticate the client (aside from the confusing error message).
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)