[
https://issues.apache.org/jira/browse/SOLR-14106?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16998964#comment-16998964
]
Jan Høydahl commented on SOLR-14106:
------------------------------------
This proves that the upgrade to jetty 9.4.19 was premature and incomplete. I
think the safest action would be to quickly after 8.4.0 release a 8.4.1 with
the only change being a revert of SOLR-13541, i.e. go back to jetty 9.4.14. The
revert applies cleanly and works here, need some full test suite runs of course.
And then the 8.5 release will upgrade to jetty 9.4.24 in one go, including
fixing all the Server/Client stuff, replace deprecated methods etc.
Actually, the project should pay more attention to deprecation warnings. That
would have caught this mess during development of SOLR-13541, because Jetty has
been spitting out deprecation warnings ever since 8.2.0 which was a warning
sign that the upgrade was not complete. I'll flag this on the dev list.
> SSL with SOLR_SSL_NEED_CLIENT_AUTH not working since v8.2.0
> -----------------------------------------------------------
>
> Key: SOLR-14106
> URL: https://issues.apache.org/jira/browse/SOLR-14106
> Project: Solr
> Issue Type: Bug
> Security Level: Public(Default Security Level. Issues are Public)
> Components: Server
> Affects Versions: 8.2, 8.3, 8.3.1
> Reporter: Jan Høydahl
> Assignee: Kevin Risden
> Priority: Major
> Labels: jetty, ssl
> Attachments: SOLR-14106.patch, deprecation-warning.patch
>
> Time Spent: 0.5h
> Remaining Estimate: 0h
>
> For a client we use SSL certificate authentication with Solr through the
> {{SOLR_SSL_NEED_CLIENT_AUTH=true}} setting. The client must then prove
> through a local pem file that it has the correct client certificate.
> This works well until Solr 8.1.1, but fails with Solr 8.2 and also 8.3.1.
> There has been a Jetty upgrade from from jetty-9.4.14 to jetty-9.4.19 and I
> see some deprecation warnings in the log of 8.3.1:
> {noformat}
> o.e.j.x.XmlConfiguration Deprecated method public void
> org.eclipse.jetty.util.ssl.SslContextFactory.setWantClientAuth(boolean) in
> file:///opt/solr-8.3.1/server/etc/jetty-ssl.xml
> {noformat}
> I have made a simple reproduction script using Docker to reproduce first the
> 8.1.1 behaviour that succeeds, then 8.3.1 which fails:
> {code}
> wget https://www.dropbox.com/s/fkjcez1i5anh42i/tls.tgz
> tar -xvzf tls.tgz
> cd tls
> ./repro.sh
> {code}
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@lucene.apache.org
For additional commands, e-mail: issues-h...@lucene.apache.org
