Posted to issues@lucene.apache.org by "Cao Manh Dat (Jira)" <ji...@apache.org> on 2019/09/27 12:47:00 UTC

[jira] [Created] (SOLR-13798) Adding Enabling/Disabling client's hostname verification

Cao Manh Dat created SOLR-13798:
-----------------------------------

             Summary: Adding Enabling/Disabling client's hostname verification
                 Key: SOLR-13798
                 URL: https://issues.apache.org/jira/browse/SOLR-13798
             Project: Solr
          Issue Type: Improvement
      Security Level: Public (Default Security Level. Issues are Public)
    Affects Versions: 8.2
            Reporter: Cao Manh Dat
            Assignee: Cao Manh Dat


The problem appeared after upgrading to Jetty 9.4.19 (SOLR-13541): {{endpointIdentificationAlgorithm}} changed from null → HTTPS. As a result, the client's hostname (identity) is always verified when connecting to Solr.

This change improved the security level of Solr, since it requires two-way identity verification (the client verifies the server's identity and vice versa). It leads to a problem for users when certificate verification alone is enough (the client's hostname is not known ahead of time).

We should therefore introduce a flag in {{solr.in.sh}} to disable the client's hostname verification when needed.


