The update of Jetty dependency to version 9.4 (
DRILL-7135) has led to Drill no longer supporting a TLS server certificate with multiple Subject Alternate Name (SAN) values.
If you try to use a keystore containing a single cert with multiple SANs, you get the following error on startup of the Drillbit:
It appears that Jetty version 9.4 has deprecated the org.eclipse.jetty.util.ssl.SslContextFactory class, and Drill should now use the org.eclipse.jetty.util.ssl.SslContextFactory.Server class instead.
I was unable to find a Drill configuration file to change which class is used (eg an instance of jetty-ssl.xml), and it looks like the specific SslContextFactory class is hardcoded in org.apache.drill.exec.server.rest.ssl.SslContextFactoryConfigurator:
Relevant links for other products affected by the same issue: