lucene-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Steve Davids (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (SOLR-5868) HttpClient should be configured to use ALLOW_ALL_HOSTNAME hostname verifier to simplify SSL setup
Date Tue, 18 Mar 2014 15:09:54 GMT

    [ https://issues.apache.org/jira/browse/SOLR-5868?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13939358#comment-13939358
] 

Steve Davids commented on SOLR-5868:
------------------------------------

Would a system property of "solr.ssl.checkName" or "solr.ssl.checkPeerName" be acceptable?
This is modeled off of mod_ssl http://httpd.apache.org/docs/trunk/mod/mod_ssl.html#sslproxycheckpeername.
I can update the patch to reflect the changes if this is the route we would like to go.

> HttpClient should be configured to use ALLOW_ALL_HOSTNAME hostname verifier to simplify
SSL setup
> -------------------------------------------------------------------------------------------------
>
>                 Key: SOLR-5868
>                 URL: https://issues.apache.org/jira/browse/SOLR-5868
>             Project: Solr
>          Issue Type: Improvement
>    Affects Versions: 4.7
>            Reporter: Steve Davids
>            Assignee: Mark Miller
>             Fix For: 4.8, 5.0, 4.7.1
>
>         Attachments: SOLR-5868.patch
>
>
> The default HttpClient hostname verifier is the BROWSER_COMPATIBLE_HOSTNAME_VERIFIER
which verifies the hostname that is being connected to matches the hostname presented within
the certificate. This is meant to protect clients that are making external requests out across
the internet, but requests within the the SOLR cluster should be trusted and can be relaxed
to simplify the SSL/certificate setup process.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@lucene.apache.org
For additional commands, e-mail: dev-help@lucene.apache.org


Mime
View raw message