lucene-dev mailing list archives

From "Steve Rowe (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (SOLR-7449) solr/server/etc/jetty-https-ssl.xml hard codes the key store file and password rather than pulling them from the sysprops defined in solr/bin/solr.in.{sh,bat}
Date Wed, 22 Apr 2015 22:10:58 GMT

    [ https://issues.apache.org/jira/browse/SOLR-7449?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14508021#comment-14508021 ]

Steve Rowe commented on SOLR-7449:
----------------------------------

Here's a working patch that uses the SSL sysprops set in {{bin/solr.in.sh}}/{{bin/solr.in.bat}}:

{code:java}
Index: solr/server/etc/jetty-https-ssl.xml
===================================================================
--- solr/server/etc/jetty-https-ssl.xml	(revision 1675460)
+++ solr/server/etc/jetty-https-ssl.xml	(working copy)
@@ -41,8 +41,10 @@
         <New class="org.eclipse.jetty.server.ssl.SslSelectChannelConnector">
           <Arg>
             <New class="org.eclipse.jetty.http.ssl.SslContextFactory">
-              <Set name="keyStore"><SystemProperty name="jetty.home" default="."/>/etc/solr-ssl.keystore.jks</Set>
-              <Set name="keyStorePassword">secret</Set>
+              <Set name="keyStore"><SystemProperty name="javax.net.ssl.keyStore"
default="./etc/solr-ssl.keystore.jks"/></Set>
+              <Set name="keyStorePassword"><SystemProperty name="javax.net.ssl.keyStorePassword"
default="secret"/></Set>
+              <Set name="trustStore"><SystemProperty name="javax.net.ssl.trustStore"
default="./etc/solr-ssl.keystore.jks"/></Set>
+              <Set name="trustStorePassword"><SystemProperty name="javax.net.ssl.trustStorePassword"
default="secret"/></Set>
               <Set name="needClientAuth"><SystemProperty name="jetty.ssl.clientAuth"
default="false"/></Set>
             </New>
           </Arg>
{code}
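
Review bot: the added keyStorePassword and trustStorePassword lines both keep default="secret", so a server started without javax.net.ssl.keyStorePassword or javax.net.ssl.trustStorePassword set still silently uses the same password as the tutorial keystore. Consider dropping the default attribute on the two password properties so a missing sysprop does not fall back to it, or at least add an XML comment saying the defaults exist only for the tutorial keystore. Separately, the new keyStore default is ./etc/solr-ssl.keystore.jks, whereas the removed line resolved the path against jetty.home; the relative fallback now depends on the process working directory, so it may be worth keeping the jetty.home prefix in the default. The same applies to the trustStore default, which also points at the keystore file.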

> solr/server/etc/jetty-https-ssl.xml hard codes the key store file and password rather than pulling them from the sysprops defined in solr/bin/solr.in.{sh,bat}
> --------------------------------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: SOLR-7449
>                 URL: https://issues.apache.org/jira/browse/SOLR-7449
>             Project: Solr
>          Issue Type: Bug
>    Affects Versions: 5.1
>            Reporter: Steve Rowe
>
> [~shalinmangar] pointed this issue out to me.
> The hard-coded values in {{jetty-https-ssl.xml}} are the same as the ones in the tutorial, so people creating the keystore as described in the tutorial are able to run Solr in SSL mode.
> Also {{jetty-https-ssl.xml}} doesn't configure a trust store (or a password for it), so there's no way currently to have a different trust store from the key store.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
