[jira] [Commented] (SOLR-14106) SSL with SOLR_SSL_NEED_CLIENT_AUTH not working since v8.2.0

Tue, 17 Dec 2019 13:31:35 -0800 


    [ 
https://issues.apache.org/jira/browse/SOLR-14106?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16998602#comment-16998602
 ] 

Kevin Risden commented on SOLR-14106:
-------------------------------------

Here are all the references to SslContextFactory:

{code:java}
git grep -F org.eclipse.jetty.util.ssl.SslContextFactory | cat
core/src/java/org/apache/solr/client/solrj/embedded/JettySolrRunner.java:import 
org.eclipse.jetty.util.ssl.SslContextFactory;
core/src/test/org/apache/hadoop/http/HttpServer2.java:import 
org.eclipse.jetty.util.ssl.SslContextFactory;
server/etc/jetty-ssl.xml:<Configure id="sslContextFactory" 
class="org.eclipse.jetty.util.ssl.SslContextFactory$Server">
solrj/src/java/org/apache/solr/client/solrj/embedded/SSLConfig.java:import 
org.eclipse.jetty.util.ssl.SslContextFactory;
solrj/src/java/org/apache/solr/client/solrj/impl/Http2SolrClient.java:import 
org.eclipse.jetty.util.ssl.SslContextFactory;
test-framework/src/java/org/apache/solr/util/SSLTestConfig.java:import 
org.eclipse.jetty.util.ssl.SslContextFactory;
{code}


> SSL with SOLR_SSL_NEED_CLIENT_AUTH not working since v8.2.0
> -----------------------------------------------------------
>
>                 Key: SOLR-14106
>                 URL: https://issues.apache.org/jira/browse/SOLR-14106
>             Project: Solr
>          Issue Type: Bug
>      Security Level: Public(Default Security Level. Issues are Public) 
>    Affects Versions: 8.2, 8.3.1
>            Reporter: Jan Høydahl
>            Priority: Major
>
> For a client we use SSL certificate authentication with Solr through the 
> {{SOLR_SSL_NEED_CLIENT_AUTH=true}} setting. The client must then prove 
> through a local pem file that it has the correct client certificate.
> This works well until Solr 8.1.1, but fails with Solr 8.2 and also 8.3.1. 
> There has been a Jetty upgrade from from jetty-9.4.14 to jetty-9.4.19 and I 
> see some deprecation warnings in the log of 8.3.1:
> {noformat}
> o.e.j.x.XmlConfiguration Deprecated method public void 
> org.eclipse.jetty.util.ssl.SslContextFactory.setWantClientAuth(boolean) in 
> file:///opt/solr-8.3.1/server/etc/jetty-ssl.xml
> {noformat}
> I have made a simple reproduction script using Docker to reproduce first the 
> 8.1.1 behaviour that succeeds, then 8.3.1 which fails:
> {code}
> wget https://www.dropbox.com/s/fkjcez1i5anh42i/tls.tgz
> tar -xvzf tls.tgz
> cd tls
> ./repro.sh
> {code}



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to