You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@solr.apache.org by "HoustonPutman (via GitHub)" <gi...@apache.org> on 2023/02/17 17:46:45 UTC

[GitHub] [solr] HoustonPutman opened a new pull request, #1367: SOLR-16669: Fix default checkPeerName in Http2SolrClient

HoustonPutman opened a new pull request, #1367:
URL: https://github.com/apache/solr/pull/1367

   https://issues.apache.org/jira/browse/SOLR-16669
   
   The primary issue is the `checkPeerNameStr == null` check. If the sysProp is not provided we want to default to `true`, not `false`.
   
   Not back-compat, but actually follows the code and ref-guide documentation.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org
For additional commands, e-mail: issues-help@solr.apache.org

[GitHub] [solr] HoustonPutman merged pull request #1367: SOLR-16669: Fix default checkPeerName in Http2SolrClient

Posted by "HoustonPutman (via GitHub)" <gi...@apache.org>.

HoustonPutman merged PR #1367:
URL: https://github.com/apache/solr/pull/1367


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org
For additional commands, e-mail: issues-help@solr.apache.org

[GitHub] [solr] HoustonPutman commented on pull request #1367: SOLR-16669: Fix default checkPeerName in Http2SolrClient

Posted by "HoustonPutman (via GitHub)" <gi...@apache.org>.

HoustonPutman commented on PR #1367:
URL: https://github.com/apache/solr/pull/1367#issuecomment-1439796112

   Ok @janhoy , checking the logs message.
   
   Main with #1366 included:
   
   ```
   2023-02-22 09:28:49.232 WARN  (main) [] o.e.j.u.s.S.config Trusting all certificates configured for Client@1d901f20[provider=null,keyStore=null,trustStore=null]
   2023-02-22 09:28:49.233 WARN  (main) [] o.e.j.u.s.S.config No Client EndPointIdentificationAlgorithm configured for Client@1d901f20[provider=null,keyStore=null,trustStore=null]
   2023-02-22 09:28:49.339 WARN  (main) [] o.e.j.u.s.S.config Trusting all certificates configured for Client@760487aa[provider=null,keyStore=null,trustStore=null]
   2023-02-22 09:28:49.339 WARN  (main) [] o.e.j.u.s.S.config No Client EndPointIdentificationAlgorithm configured for Client@760487aa[provider=null,keyStore=null,trustStore=null]
   ```
   
   Then with this change:
   
   ```
   2023-02-22 09:31:12.602 WARN  (main) [] o.e.j.u.s.S.config No Client EndPointIdentificationAlgorithm configured for Client@2c9a6717[provider=null,keyStore=null,trustStore=null]
   2023-02-22 09:31:12.690 WARN  (main) [] o.e.j.u.s.S.config No Client EndPointIdentificationAlgorithm configured for Client@760487aa[provider=null,keyStore=null,trustStore=null]
   ```
   
   That is due to this line:
   ```
   sslContextFactory.setEndpointIdentificationAlgorithm(
           System.getProperty("solr.jetty.ssl.verifyClientHostName"));
   ```
   
   It seems like this stems from https://issues.apache.org/jira/browse/SOLR-14163, so we have the perfect people to discuss this @janhoy & @risdenk ! I'll leave it to y'all if we want to use "HTTPS" as the default. That will make the last 2 warnings go away. We can also deal with this in a different PR/issue if y'all want to, it's pretty unrelated.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org
For additional commands, e-mail: issues-help@solr.apache.org

[GitHub] [solr] risdenk commented on pull request #1367: SOLR-16669: Fix default checkPeerName in Http2SolrClient

Posted by "risdenk (via GitHub)" <gi...@apache.org>.

risdenk commented on PR #1367:
URL: https://github.com/apache/solr/pull/1367#issuecomment-1440146823

   Oooo thanks for digging @HoustonPutman agree that 
   
   ```
   sslContextFactory.setEndpointIdentificationAlgorithm(
           System.getProperty("solr.jetty.ssl.verifyClientHostName"));
   ```
   
   looks to be the issue. We should default to `HTTPS` if TLS is not enabled. It looks like we disable client hostname verification by default and the setting `solr.jetty.ssl.verifyClientHostName` only applies if TLS is enabled.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org
For additional commands, e-mail: issues-help@solr.apache.org