Thanks for the report Ryan. It looks like this fell through the cracks and was reported a second time in Jira.
https://issues.apache.org/jira/browse/SOLR-14106 I have a patch up there that should help with some comments about multiple clientAuth certificates. Kevin Risden On Fri, Sep 27, 2019 at 1:04 PM Ryan Rockenbaugh <ryan_r...@yahoo.com.invalid> wrote: > All, > If you are using client authentication with SSL in Solr > (SOLR_SSL_NEED_CLIENT_AUTH=true or SOLR_SSL_WANT_CLIENT_AUTH=true), be > advised that Jetty made a change that will break Solr 8.2.0 > The version of Jetty packaged with Solr 8.2.0 changed to 9.4.19.v20190610 > (see > https://lucene.apache.org/solr/8_2_0/changes/Changes.html#v8.2.0.versions_of_major_components > ) > The official Jetty issue is here: > https://github.com/eclipse/jetty.project/issues/3554 > The stated fix is: > Set endpointIdentificationAlgorithm=null or better yet use > SslContextFactory.Server instead of a plain SslContextFactory. > I found I couldn't change the class from SslContextFactory to > SslContextFactory.Server > My workaround was to update the file server/etc/jetty-ssl.xml, adding the > following entry to the <Configure id="sslContextFactory" ...> element: > > <Set name="EndpointIdentificationAlgorithm"></Set> > Thanks, > Ryan Rockenbaugh > > > > > > "Do all the good you can, By all the means you can, In all the ways > you can, In all the places you can, At all the times you can, To all > the people you can, As long as ever you can." > > - John Wesley
