[NIFI-6196] Upgrade version of Jetty - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 1.9.2
Fix Version/s: None
Component/s: Core Framework
Labels:
- Java11

Description

Upgrade version of Jetty to 9.4.15.v20190215 from 9.4.11.v20180605.

This upgrade is needed for building NiFi with Java 11.

Issues encountered during upgrade Resolution

As of Jetty 9.4.15.v20190215, certificate verification has changed. Previous to version 9.4.15.v20190215, org.eclipse.jetty.util.ssl.SslContextFactory.getEndpointIdentificationAlgorithm() returned null. As of version 9.4.15.v20190215, that method returns "HTTPS". This causes the SslContextFactory to verify the hostname on the other end of the connection, regardless of being used by a client or server. This works correctly for clients but results in a CertificateException on the server if the client cert does not contain the correct SAN. The following Jetty Github issues reference this scenario:

Update server SslContextFactory instances use org.eclipse.jetty.util.ssl.SslContextFactory.setEndpointIdentificationAlgorithm(null)

Several tests use the same keystore between client and server:

ITestHandleHttpRequest
TestInvokeHttpSSL
TestInvokeHttpTwoWaySSL
TestListenHTTP

Update tests to use a separate keystore for clients

Attachments

Issue Links

blocks

NIFI-5176 NiFi needs to be buildable on Java 11

Resolved

links to

GitHub Pull Request #3426

Activity

People

Assignee:: Jeff Storck

Reporter:: Jeff Storck

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 08/Apr/19 19:39

Updated:: 28/Jun/19 17:50

Resolved:: 30/May/19 18:38

Time Tracking

Estimated:

Not Specified

Remaining:

Logged: