[
https://issues.apache.org/jira/browse/SOLR-14163?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17007753#comment-17007753
]
Kevin Risden commented on SOLR-14163:
-------------------------------------
{quote}Currently the default of SOLR_SSL_CLIENT_HOSTNAME_VERIFICATION in
bin/solr is HTTPS, not false as the docs says and the commented values in
bin/solr suggests. And in bin/solr.cmd it is not present at all...{quote}
Yup it looks all over the map from SOLR-13798. It looks like SOLR-13798
predates the Jetty ssl context split to client/server. I was looking at fixing
at least bin/solr.cmd as well.
{quote}So you say we should still keep the
{{SOLR_SSL_CLIENT_HOSTNAME_VERIFICATION }}setting, but let it take effect for
Client only, i.e. for Solr inter-node communication, or for pure SolrJ
usage.{quote}
Yea I think so. If we want to have the ability to disable it. I personally
don't like the option to disable TLS things since correct certs are usually
easier to create/use.
> SOLR_SSL_CLIENT_HOSTNAME_VERIFICATION needs to work with Jetty server/client
> SSL contexts
> -----------------------------------------------------------------------------------------
>
> Key: SOLR-14163
> URL: https://issues.apache.org/jira/browse/SOLR-14163
> Project: Solr
> Issue Type: Bug
> Security Level: Public(Default Security Level. Issues are Public)
> Components: Server
> Reporter: Kevin Risden
> Assignee: Kevin Risden
> Priority: Major
> Fix For: 8.5, 8.4.1
>
>
> SOLR-14106 ensured that Jetty ssl context used client and server correctly.
> This however requires that SOLR_SSL_CLIENT_HOSTNAME_VERIFICATION be handled
> slightly differently to ensure that only clients are affected.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@lucene.apache.org
For additional commands, e-mail: issues-h...@lucene.apache.org
