Uploaded image for project: 'Solr'
  1. Solr
  2. SOLR-16963

verifyClientHostName is used incorrectly

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Blocker
    • Resolution: Fixed
    • 8.4.1
    • main (10.0), 9.4
    • http2, SolrJ
    • None

    Description

      Since SOLR-14163, the solr.jetty.ssl.verifyClientHostName and solr.ssl.checkPeerName options have done the exact same thing in the Http2SolrClient, which is control the EndpointIdentificationAlgorithm

      Since solr.jetty.ssl.verifyClientHostName is checked second, that is actually the setting that is used to determine the EndpointIdentificationAlgorithm, so solr.ssl.checkPeerName is actually ignored.

      Going forward I suggest that we stop our use of solr.jetty.ssl.verifyClientHostname, because it was added after solr.ssl.checkPeerName and its name is less correct. The endpointIdentificationAlgorithm doesn't do any verification of the client's hostname. That's a mTLS option, and is server-side.

      Attachments

        Issue Links

          is caused by

          Bug - A problem which impairs or prevents the functions of the product. SOLR-14163 SOLR_SSL_CLIENT_HOSTNAME_VERIFICATION needs to work with Jetty server/client SSL contexts

          • Major - Major loss of function.
          • Closed
          links to

          Web Link GitHub Pull Request #1916

          Activity

            People

              houston Houston Putman
              houston Houston Putman
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0h
                  0h
                  Logged:
                  Time Spent - 0.5h
                  0.5h