Details
-
Bug
-
Status: Closed
-
Major
-
Resolution: Fixed
-
9.2
-
None
-
None
Description
Jetty 10 slightly changed the behavior for handling SNI validation. See Jetty9.4 vs Jetty 10. In Jetty 9, by default (which Solr uses up to version 9.1), SNI extension was not validated if not present, but in Jetty 10, by default, the host name is validated against the host certificate, and 400: Invalid SNI is thrown if they don't match.
I think the right approach for Solr is to set sniHostCheck to false, and at the most be the option to configure using jetty internal sysprops like here
Attachments
Issue Links
- links to
Activity
ASF GitHub Bot
logged work - 06/Apr/23 17:57
-
- Time Spent:
- 10m
-
tflobbe opened a new pull request, #1547:
URL: https://github.com/apache/solr/pull/1547
This PR doesn't change any defaults, just adds a way to configure via system properties
ASF GitHub Bot
logged work - 07/Apr/23 00:30
-
- Time Spent:
- 10m
-
tflobbe merged PR #1547:
URL: https://github.com/apache/solr/pull/1547