[NIFI-8096] Deprecate ClientAuth References in SslContextFactory and SSLContextService - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Resolved
Priority: Minor
Resolution: Fixed
Affects Version/s: 1.12.1
Fix Version/s: 1.13.0
Component/s: Core Framework, Extensions, Security
Labels:
- security

Description

SslContextFactory in nifi-security-utils and SSLContextService in nifi-ssl-context-service-api include methods for creating an SSLContext based on a ClientAuth parameter. The SslContextFactory.initializeSSLContext() method calls setNeedClientAuth or setWantClientAuth on the default SSLParameters object according to the ClientAuth value provided.

The default SSLParameters object returned from SSLContext.getDefaultSSLParameters() is a new copy for each invocation, which means that the value of ClientAuth passed to SslContextFactory does not influence whether client certificates will be required or requested. For this reason, the methods on SslContetFactory and SSLContextService that accept a ClientAuth parameter should be deprecated and references to these methods should be refactored.

Attachments

Issue Links

relates to

NIFI-8121 ListenHTTP should support inferred Client Authentication

Resolved

links to

GitHub Pull Request #4737

Activity

People

Assignee:: David Handermann

Reporter:: David Handermann

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 15/Dec/20 20:44

Updated:: 07/Jan/21 15:51

Resolved:: 06/Jan/21 21:25

Time Tracking

Estimated:

Not Specified

Remaining:

Logged:

1.5h