Uploaded image for project: 'Apache NiFi'
  1. Apache NiFi
  2. NIFI-13941

Correct Maximum DNS Name Length for Generated Certificates

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Minor
    • Resolution: Fixed
    • None
    • 2.0.0
    • None
    • None

    Description

      The nifi.web.proxy.host property provides optional DNS names for NiFi running behind a reverse proxy or gateway, and the automated certificate generation process considers property values when adding DNS Subject Alternative Names.

      Recent updates to remove the optional port element set a maximum length of 64 characters for the entire DNS address, which is the limit for a label, but an not the entire address according to RFC 1035. The length limitation should be changed to 255 as described in RFC 1035 Section 2.3.4.

      Attachments

        Issue Links

          is caused by

          Bug - A problem which impairs or prevents the functions of the product. NIFI-13823 Inconsistency between nifi.web.proxy.host format and TLS SubjectAlternativeNames

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Resolved
          links to

          Web Link GitHub Pull Request #9462

          Activity

            People

              exceptionfactory David Handermann
              exceptionfactory David Handermann
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0h
                  0h
                  Logged:
                  Time Spent - 40m
                  40m