You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@lucene.apache.org by "Shawn Heisey (JIRA)" <ji...@apache.org> on 2018/03/24 04:50:00 UTC

[jira] [Commented] (SOLR-9304) -Dsolr.ssl.checkPeerName=false ignored on master

    [ https://issues.apache.org/jira/browse/SOLR-9304?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16412409#comment-16412409 ] 

Shawn Heisey commented on SOLR-9304:
------------------------------------

At first I was worried about the fact that the previous patch was 2K and the new one is 12K ... but after a quick look, I see that most of it is a new test.  Always like to see new tests!

I haven't really looked at the test.  Something important to do for any test:  Run the test without the fix and make sure it fails, then run it again with the fix and make sure it passes.

I'm uploading a slightly modified patch.  Instead of defining the socket factory initially and then defining a new socket factory if the check is disabled, it uses an "else" clause so the object is created once either way.


> -Dsolr.ssl.checkPeerName=false ignored on master
> ------------------------------------------------
>
>                 Key: SOLR-9304
>                 URL: https://issues.apache.org/jira/browse/SOLR-9304
>             Project: Solr
>          Issue Type: Bug
>      Security Level: Public(Default Security Level. Issues are Public) 
>    Affects Versions: 7.0
>            Reporter: Hoss Man
>            Priority: Major
>         Attachments: SOLR-9304-uses-deprecated.patch, SOLR-9304.patch, SOLR-9304.patch
>
>
> {{-Dsolr.ssl.checkPeerName=false}} is completely ignored on master...
> {noformat}
> hossman@tray:~/lucene/dev/solr [master] $ find -name \*.java | xargs grep checkPeerName
> ./solrj/src/java/org/apache/solr/client/solrj/impl/HttpClientUtil.java:  public static final String SYS_PROP_CHECK_PEER_NAME = "solr.ssl.checkPeerName";
> hossman@tray:~/lucene/dev/solr [master] $ find -name \*.java | xargs grep SYS_PROP_CHECK_PEER_NAME
> ./test-framework/src/java/org/apache/solr/util/SSLTestConfig.java:      boolean sslCheckPeerName = toBooleanDefaultIfNull(toBooleanObject(System.getProperty(HttpClientUtil.SYS_PROP_CHECK_PEER_NAME)), true);
> ./solrj/src/java/org/apache/solr/client/solrj/impl/HttpClientUtil.java:  public static final String SYS_PROP_CHECK_PEER_NAME = "solr.ssl.checkPeerName";
> {noformat}



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@lucene.apache.org
For additional commands, e-mail: dev-help@lucene.apache.org