[ https://issues.apache.org/jira/browse/SOLR-14106?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17001287#comment-17001287 ]
ASF subversion and git services commented on SOLR-14106:
--------------------------------------------------------

Commit aab3c5faa338e158bcab2fb5f09b309ee455a4c5 in lucene-solr's branch refs/heads/jira/SOLR-13984 from Kevin Risden
[ https://gitbox.apache.org/repos/asf?p=lucene-solr.git;h=aab3c5f ]

SOLR-14106: Cleanup Jetty SslContextFactory usage

Jetty 9.4.16.v20190411 and up introduced separate client and server
SslContextFactory implementations. This split requires the proper
use of SslContextFactory in clients and server configs. This fixes the following
* SSL with SOLR_SSL_NEED_CLIENT_AUTH not working since v8.2.0
* Http2SolrClient SSL not working in branch_8x

Signed-off-by: Kevin Risden <kris...@apache.org>


> SSL with SOLR_SSL_NEED_CLIENT_AUTH not working since v8.2.0
> -----------------------------------------------------------
>
> Key: SOLR-14106
> URL: https://issues.apache.org/jira/browse/SOLR-14106
> Project: Solr
> Issue Type: Bug
> Security Level: Public (Default Security Level. Issues are Public)
> Components: Server
> Affects Versions: 8.2, 8.3, 8.4, 8.3.1
> Reporter: Jan Høydahl
> Assignee: Kevin Risden
> Priority: Major
> Labels: jetty, ssl
> Fix For: 8.5, 8.4.1
>
> Attachments: SOLR-14106.patch, SOLR-14106.patch, SOLR-14106.patch, deprecation-warning.patch
>
> Time Spent: 40m
> Remaining Estimate: 0h
>
> For a client we use SSL certificate authentication with Solr through the
> {{SOLR_SSL_NEED_CLIENT_AUTH=true}} setting. The client must then prove
> through a local pem file that it has the correct client certificate.
> This works well until Solr 8.1.1, but fails with Solr 8.2 and also 8.3.1.
> There has been a Jetty upgrade from jetty-9.4.14 to jetty-9.4.19 and I
> see some deprecation warnings in the log of 8.3.1:
> {noformat}
> o.e.j.x.XmlConfiguration Deprecated method public void org.eclipse.jetty.util.ssl.SslContextFactory.setWantClientAuth(boolean) in file:///opt/solr-8.3.1/server/etc/jetty-ssl.xml
> {noformat}
> I have made a simple reproduction script using Docker to reproduce first the
> 8.1.1 behaviour that succeeds, then 8.3.1 which fails:
> {code}
> wget https://www.dropbox.com/s/fkjcez1i5anh42i/tls.tgz
> tar -xvzf tls.tgz
> cd tls
> ./repro.sh
> {code}
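
An added example (not part of the original message and not Solr's or Jetty's code): a small Python check that flags a Jetty XML config still calling the client-auth setters on a class other than the server-specific `SslContextFactory`, the pattern behind the deprecation warning quoted above. The sample XML snippets are constructed, and writing the server class as `SslContextFactory$Server` is an assumption based on Java's binary name for a nested class.

```python
import xml.etree.ElementTree as ET

BASE = "org.eclipse.jetty.util.ssl.SslContextFactory"
SERVER = BASE + "$Server"          # assumed XML spelling of the nested server class
CLIENT_AUTH = {"needclientauth", "wantclientauth"}


def _client_auth_setter(elem):
    """Return the client-auth property/method an element sets, else None."""
    name = elem.get("name", "")
    if elem.tag == "Set" and name.lower() in CLIENT_AUTH:
        return name
    if elem.tag == "Call" and name.lower().startswith("set") \
            and name[3:].lower() in CLIENT_AUTH:
        return name
    return None


def audit(xml_text):
    """List (id, class, setter) for client-auth setters not on the server class."""
    findings = []
    for node in ET.fromstring(xml_text).iter():
        cls = node.get("class", "")
        if node.tag not in ("Configure", "New"):
            continue
        if cls != BASE and not cls.startswith(BASE + "$"):
            continue                      # not an SslContextFactory at all
        if cls == SERVER:
            continue                      # server-specific class: setters belong here
        for child in node:
            setter = _client_auth_setter(child)
            if setter:
                findings.append((node.get("id", "?"), cls, setter))
    return findings


# Constructed sample inputs, not copied from any Solr release.
OLD_STYLE = """<Configure id="sslContextFactory" class="%s">
  <Set name="NeedClientAuth">true</Set>
  <Set name="WantClientAuth">false</Set>
</Configure>""" % BASE

NEW_STYLE = OLD_STYLE.replace('class="%s"' % BASE, 'class="%s"' % SERVER)

if __name__ == "__main__":
    for label, text in (("old", OLD_STYLE), ("new", NEW_STYLE)):
        print(label, audit(text))
```
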