lucene-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Christine Poerschke (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (SOLR-10025) SOLR_SSL_OPTS are ignored in bin\solr.cmd
Date Thu, 26 Jan 2017 11:10:24 GMT

    [ https://issues.apache.org/jira/browse/SOLR-10025?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15839569#comment-15839569
] 

Christine Poerschke commented on SOLR-10025:
--------------------------------------------

Linking SOLR-8491 which sounds similar or possibly even identical.

Do we know if 6.4 is affected by this, and if so might this be potential candidate for inclusion
in 6.4.1 release?

> SOLR_SSL_OPTS are ignored in bin\solr.cmd
> -----------------------------------------
>
>                 Key: SOLR-10025
>                 URL: https://issues.apache.org/jira/browse/SOLR-10025
>             Project: Solr
>          Issue Type: Bug
>      Security Level: Public(Default Security Level. Issues are Public) 
>    Affects Versions: 6.3
>            Reporter: Andy Hind
>
> SSL config fails on windows.
> Requires fixes for late binding.
> See !SOLR_SSL_OPTS! below 
> {code}
> REM Select HTTP OR HTTPS related configurations
> set SOLR_URL_SCHEME=http
> set "SOLR_JETTY_CONFIG=--module=http"
> set "SOLR_SSL_OPTS= "
> IF DEFINED SOLR_SSL_KEY_STORE (
>   set "SOLR_JETTY_CONFIG=--module=https"
>   set SOLR_URL_SCHEME=https
>   set "SCRIPT_ERROR=Solr server directory %SOLR_SERVER_DIR% not found!"
>   set "SOLR_SSL_OPTS=-Dsolr.jetty.keystore=%SOLR_SSL_KEY_STORE% -Dsolr.jetty.keystore.password=%SOLR_SSL_KEY_STORE_PASSWORD%
-Dsolr.jetty.truststore=%SOLR_SSL_TRUST_STORE% -Dsolr.jetty.truststore.password=%SOLR_SSL_TRUST_STORE_PASSWORD%
-Dsolr.jetty.ssl.needClientAuth=%SOLR_SSL_NEED_CLIENT_AUTH% -Dsolr.jetty.ssl.wantClientAuth=%SOLR_SSL_WANT_CLIENT_AUTH%"
>   IF DEFINED SOLR_SSL_CLIENT_KEY_STORE  (
>     set "SOLR_SSL_OPTS=!SOLR_SSL_OPTS! -Djavax.net.ssl.keyStore=%SOLR_SSL_CLIENT_KEY_STORE%
-Djavax.net.ssl.keyStorePassword=%SOLR_SSL_CLIENT_KEY_STORE_PASSWORD% -Djavax.net.ssl.trustStore=%SOLR_SSL_CLIENT_TRUST_STORE%
-Djavax.net.ssl.trustStorePassword=%SOLR_SSL_CLIENT_TRUST_STORE_PASSWORD%"
>   ) ELSE (
>     set "SOLR_SSL_OPTS=!SOLR_SSL_OPTS! -Djavax.net.ssl.keyStore=%SOLR_SSL_KEY_STORE%
-Djavax.net.ssl.keyStorePassword=%SOLR_SSL_KEY_STORE_PASSWORD% -Djavax.net.ssl.trustStore=%SOLR_SSL_TRUST_STORE%
-Djavax.net.ssl.trustStorePassword=%SOLR_SSL_TRUST_STORE_PASSWORD%"
>   )
> ) ELSE (
>   set SOLR_SSL_OPTS=
> )
> {code}
> We also use a non default keystore type and have to disable perr name chekcking:
> {code}
> -a "......... -Djavax.net.ssl.keyStoreType=JCEKS -Djavax.net.ssl.trustStoreType=JCEKS
-Dsolr.ssl.checkPeerName=false"
> {code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@lucene.apache.org
For additional commands, e-mail: dev-help@lucene.apache.org


Mime
View raw message