Uploaded image for project: 'Apache NiFi'
  1. Apache NiFi
  2. NIFI-5174 NiFi Compatibility with Java 11
  3. NIFI-6561

HTTPS S2S SAN Verification compatibility for JDK8 build running on JRE11

Attach filesAttach ScreenshotVotersWatch issueWatchersLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

Details

    • Sub-task
    • Status: Resolved
    • Major
    • Resolution: Cannot Reproduce
    • 1.10.0
    • None
    • Security

    Description

      When testing Java 11 build compatibility, I found an issue with TLS certificates when using a remote process group looped back to an input port on the same cluster. The same certificates were used for JDK8/JRE8, JDK8/JRE11, JDK11/JRE11 ie. they contained relevant SAN entries in each case.

      Building on JDK 1.8.0_172 and run on JRE11.0.5+10 caused exceptions when attempting to send to local input port with RPG:

      2019-08-13 18:17:07,946 WARN [Http Site-to-Site PeerSelector] o.apache.nifi.remote.client.PeerSelector Could not communicate with natog0.com:9551 to determine which nodes exist in the remote NiFi cluster, due to javax.net.ssl.SSLPeerUnverifiedException: Certificate for <natog0.com> doesn't match any of the subject alternative names: [natog1.com]
      2019-08-13 18:17:07,946 WARN [Http Site-to-Site PeerSelector] o.apache.nifi.remote.client.PeerSelector org.apache.nifi.remote.client.PeerSelector@6d5e02f8 Unable to refresh Remote Group's peers due to Unable to communicate with remote NiFi cluster in order to determine which nodes exist in the remote cluster

      But did not see this error on the matching builds (JDK8/JRE8, JDK11/JRE11).

      Attachments

        Issue Links

        Activity

          This comment will be Viewable by All Users Viewable by All Users
          Cancel

          People

            Unassigned Unassigned
            thenatog Nathan Gough
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Issue deployment