Uploaded image for project: 'Apache NiFi'
  1. Apache NiFi
  2. NIFI-8096

Deprecate ClientAuth References in SslContextFactory and SSLContextService

    XMLWordPrintableJSON

    Details

      Description

      SslContextFactory in nifi-security-utils and SSLContextService in nifi-ssl-context-service-api include methods for creating an SSLContext based on a ClientAuth parameter. The SslContextFactory.initializeSSLContext() method calls setNeedClientAuth or setWantClientAuth on the default SSLParameters object according to the ClientAuth value provided.

      The default SSLParameters object returned from SSLContext.getDefaultSSLParameters() is a new copy for each invocation, which means that the value of ClientAuth passed to SslContextFactory does not influence whether client certificates will be required or requested. For this reason, the methods on SslContetFactory and SSLContextService that accept a ClientAuth parameter should be deprecated and references to these methods should be refactored.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                exceptionfactory David Handermann
                Reporter:
                exceptionfactory David Handermann
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:

                  Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0h
                  0h
                  Logged:
                  Time Spent - 1.5h
                  1.5h