You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@nifi.apache.org by "David Handermann (Jira)" <ji...@apache.org> on 2020/12/21 22:02:00 UTC
[jira] [Updated] (NIFI-8096) Deprecate ClientAuth References in
SslContextFactory and SSLContextService
[ https://issues.apache.org/jira/browse/NIFI-8096?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
David Handermann updated NIFI-8096:
-----------------------------------
Status: Patch Available (was: In Progress)
> Deprecate ClientAuth References in SslContextFactory and SSLContextService
> --------------------------------------------------------------------------
>
> Key: NIFI-8096
> URL: https://issues.apache.org/jira/browse/NIFI-8096
> Project: Apache NiFi
> Issue Type: Improvement
> Components: Core Framework, Extensions, Security
> Affects Versions: 1.12.1
> Reporter: David Handermann
> Assignee: David Handermann
> Priority: Minor
> Labels: security
> Time Spent: 10m
> Remaining Estimate: 0h
>
> {{SslContextFactory}} in nifi-security-utils and {{SSLContextService}} in nifi-ssl-context-service-api include methods for creating an {{SSLContext}} based on a {{ClientAuth}} parameter. The {{SslContextFactory.initializeSSLContext()}} method calls {{setNeedClientAuth}} or {{setWantClientAuth}} on the default {{SSLParameters}} object according to the {{ClientAuth}} value provided.
> The default {{SSLParameters}} object returned from {{SSLContext.getDefaultSSLParameters()}} is a new copy for each invocation, which means that the value of {{ClientAuth}} passed to {{SslContextFactory}} does not influence whether client certificates will be required or requested. For this reason, the methods on {{SslContetFactory}} and {{SSLContextService}} that accept a ClientAuth parameter should be deprecated and references to these methods should be refactored.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)