[NIFI-2186] Cluster communication treats client and server sockets identically for peer certificate DN extraction - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Critical
Resolution: Fixed
Affects Version/s: 1.0.0
Fix Version/s: 1.0.0, 1.0.0-Beta
Component/s: Core Framework
Labels:
- certificate
- cluster
- security
- tls

Description

The code to extract the peer certificate DN is identical for client and server SSLSocket, which means that servers are subject to the nifi.security.needClientAuth setting being set to true. Server certificates must be present in a secure connection regardless of this setting. This was fixed in 0.x in ~~NIFI-2119~~ and must be ported to the master branch.

Attachments

Issue Links

is related to

NIFI-2119 Secure clustering returning bad request response

Resolved

links to

GitHub Pull Request #622

Activity

People

Assignee:: Andy LoPresto

Reporter:: Andy LoPresto

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 06/Jul/16 18:57

Updated:: 04/Aug/16 21:23

Resolved:: 14/Jul/16 14:35