You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@nifi.apache.org by "Peter Turcsanyi (Jira)" <ji...@apache.org> on 2020/12/01 21:16:00 UTC
[jira] [Commented] (NIFI-8057) Remove truststore check from
SslContextFactory.createSslContext()
[ https://issues.apache.org/jira/browse/NIFI-8057?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17241877#comment-17241877 ]
Peter Turcsanyi commented on NIFI-8057:
---------------------------------------
[~alopresto] do you have any concerns about it?
> Remove truststore check from SslContextFactory.createSslContext()
> -----------------------------------------------------------------
>
> Key: NIFI-8057
> URL: https://issues.apache.org/jira/browse/NIFI-8057
> Project: Apache NiFi
> Issue Type: Bug
> Affects Versions: 1.12.1
> Reporter: Peter Turcsanyi
> Priority: Major
>
> NIFI-7407 introduced a check in {{SslContextFactory.createSslContext()}}: if KS is configured, then TS must be configured too ([https://github.com/apache/nifi/blob/857eeca3c7d4b275fd698430594e7fae4864feff/nifi-commons/nifi-security-utils/src/main/java/org/apache/nifi/security/util/SslContextFactory.java#L79])
> This constraint is too strict for server-style processors (like ListenGRPC) where only a KS is needed for 1-way SSL (and the presence of TS turns on 2-way SSL).
> The check should be removed/relieved.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)