[SOLR-16964] sniHostCheck should default to SOLR_SSL_CHECK_PEER_NAME - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 9.2
Fix Version/s: 9.4
Component/s: Server
Labels:
None

Description

When we upgraded Solr to Jetty 10, it started doing SNI checks by default. To combat this, Tomas added an option to skip SNI Host checking in ~~SOLR-16735~~. I think that this should default to the option already given in SOLR_SSL_CHECK_PEER_NAME, which is practically the same check for clients. (SNI is a server setting).

So if we start to set solr.jetty.ssl.sniHostCheck by default to the value that SOLR_SSL_CHECK_PEER_NAME has, then users will see no issues when using Solr as they had been. If users want to separate their server/client settings. They can always still provide the solr.jetty.ssl.sniHostCheck option themselves in SOLR_OPTS, which will override the option defaulted by Solr.

Attachments

Issue Links

links to

GitHub Pull Request #1897

Activity

People

Assignee:: Houston Putman

Reporter:: Houston Putman

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 07/Sep/23 16:41

Updated:: 15/Oct/23 20:13

Resolved:: 08/Sep/23 15:18

Time Tracking

Estimated:

Not Specified

Remaining:

Logged:

10m