  1. Apache NiFi
  2. NIFI-5398

Identify cluster communication endpoints via combination of hostname and certificate rather than just certificate DN

    Details

      Description

      Currently, NiFi cluster communications have a number of instances where the remote endpoint is identified by extracting the distinguished name (DN) from the presented peer certificate (see SocketProtocolListener).

      Users who try to provide the same wildcard certificate to all cluster nodes will encounter issues with this approach. These instances should be investigated and changed to use a combination of the socket connections' remote hostname and the certificate to validate the unique hostname making the request.
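An added sketch of the check proposed above (not NiFi code and not from the reporter): the node identity is the socket's remote hostname, accepted only if a dNSName SAN in the peer certificate covers it. `PeerIdentity`, `sanMatches` and `identify` are hypothetical names, the DN and hostnames are constructed samples, and `remoteHost` is assumed to be the hostname already resolved for the socket's remote address.

```java
import java.util.Collection;
import java.util.List;
import java.util.Locale;
import java.util.Optional;

// Added illustration, not NiFi code. All class and method names are hypothetical.
public class PeerIdentity {
    private static final int SAN_DNS_NAME = 2; // GeneralName type for dNSName (RFC 5280)

    // True if a SAN dNSName covers the host. A wildcard is honoured only as the
    // whole left-most label and stands for exactly one label.
    static boolean sanMatches(String san, String host) {
        String s = san.toLowerCase(Locale.ROOT);
        String h = host.toLowerCase(Locale.ROOT);
        if (!s.startsWith("*.")) {
            return s.equals(h);
        }
        int dot = h.indexOf('.');
        return dot > 0 && h.substring(dot).equals(s.substring(1));
    }

    // sans has the shape returned by X509Certificate.getSubjectAlternativeNames():
    // each entry is [Integer type, value]. Returns the node identity, or empty if
    // the certificate does not cover the hostname of the connection.
    static Optional<String> identify(String remoteHost, Collection<List<?>> sans) {
        if (remoteHost == null || sans == null) {
            return Optional.empty();
        }
        for (List<?> entry : sans) {
            if (entry.size() >= 2 && Integer.valueOf(SAN_DNS_NAME).equals(entry.get(0))
                    && sanMatches(String.valueOf(entry.get(1)), remoteHost)) {
                return Optional.of(remoteHost.toLowerCase(Locale.ROOT));
            }
        }
        return Optional.empty();
    }

    public static void main(String[] args) {
        // Constructed sample: one wildcard certificate shared by every node,
        // so the DN is identical for all peers and cannot tell them apart.
        String sharedDn = "CN=*.nifi.example.com, OU=NIFI";
        List<?> dnsSan = List.of(SAN_DNS_NAME, "*.nifi.example.com");
        Collection<List<?>> sans = List.of(dnsSan);
        String[] hosts = {"node1.nifi.example.com", "node2.nifi.example.com",
                          "node1.other.example.com"};
        for (String host : hosts) {
            System.out.println(sharedDn + " -> " + identify(host, sans).orElse("REJECTED"));
        }
    }
}
```

With the shared wildcard certificate, the first two hosts resolve to distinct identities and the third is rejected, whereas DN extraction alone yields the same string for every peer.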


              People

              • Assignee:
                Unassigned
                Reporter:
                alopresto Andy LoPresto