lucene-solr-user mailing list archives

From Kevin Risden <kris...@apache.org>
Subject Re: Client Cert Broken in Solr 8.2.0 because of a Jetty Issue (workaround included)
Date Thu, 19 Dec 2019 16:49:57 GMT
Thanks for the report Ryan. It looks like this fell through the cracks and
was reported a second time in Jira.

https://issues.apache.org/jira/browse/SOLR-14106

I have a patch up there that should help with some comments about multiple
clientAuth certificates.

Kevin Risden


On Fri, Sep 27, 2019 at 1:04 PM Ryan Rockenbaugh
<ryan_rock@yahoo.com.invalid> wrote:

> All,
> If you are using client authentication with SSL in Solr
> (SOLR_SSL_NEED_CLIENT_AUTH=true or SOLR_SSL_WANT_CLIENT_AUTH=true), be
> advised that Jetty made a change that will break Solr 8.2.0.
> The version of Jetty packaged with Solr 8.2.0 changed to 9.4.19.v20190610
> (see
> https://lucene.apache.org/solr/8_2_0/changes/Changes.html#v8.2.0.versions_of_major_components
> )
> The official Jetty issue is here:
> https://github.com/eclipse/jetty.project/issues/3554
> The stated fix is:
>     Set endpointIdentificationAlgorithm=null or better yet use
> SslContextFactory.Server instead of a plain SslContextFactory.
> I found I couldn't change the class from SslContextFactory to
> SslContextFactory.Server.
> My workaround was to update the file server/etc/jetty-ssl.xml, adding the
> following entry to the <Configure id="sslContextFactory" ...> element:
>
>     <Set name="EndpointIdentificationAlgorithm"></Set>
> Thanks,
> Ryan Rockenbaugh
>
> "Do all the good you can, By all the means you can, In all the ways
> you can, In all the places you can, At all the times you can, To all
> the people you can, As long as ever you can."
>
>  - John Wesley
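
A configuration check for the condition described in the quoted report, added here as an example and not part of either message or of Solr's own code: it takes the text of a `jetty-ssl.xml` plus the two client-auth variables and reports whether the `sslContextFactory` element still uses the plain class without the workaround. The function names, status strings and sample XML are constructed for illustration, and the check assumes the Solr 8.2.0 / Jetty 9.4.19.v20190610 combination the report names.

```python
import xml.etree.ElementTree as ET

CLIENT_AUTH_VARS = ("SOLR_SSL_NEED_CLIENT_AUTH", "SOLR_SSL_WANT_CLIENT_AUTH")
PLAIN = "org.eclipse.jetty.util.ssl.SslContextFactory"

# Constructed samples, reduced to the one element the report edits.
STOCK_XML = f'<Configure id="sslContextFactory" class="{PLAIN}"></Configure>'
PATCHED_XML = (
    f'<Configure id="sslContextFactory" class="{PLAIN}">\n'
    '  <Set name="EndpointIdentificationAlgorithm"></Set>\n'
    '</Configure>'
)


def client_auth_enabled(env):
    """True if either variable from the report is set to 'true'."""
    return any(env.get(v, "").strip().lower() == "true" for v in CLIENT_AUTH_VARS)


def audit(xml_text, env):
    """Classify a jetty-ssl.xml (hypothetical status strings)."""
    if not client_auth_enabled(env):
        return "not-applicable"      # the report only concerns client auth
    root = ET.fromstring(xml_text)
    factory = next((e for e in root.iter("Configure")
                    if e.get("id") == "sslContextFactory"), None)
    if factory is None:
        return "no-sslContextFactory"
    # Jetty XML writes the nested class SslContextFactory.Server with '$'.
    if factory.get("class", "").endswith("SslContextFactory$Server"):
        return "server-factory"
    for s in factory.findall("Set"):
        name = s.get("name", "")
        # The report's workaround: an empty <Set>, i.e. no algorithm value.
        if (name[:1].upper() + name[1:] == "EndpointIdentificationAlgorithm"
                and len(s) == 0 and not (s.text or "").strip()):
            return "workaround-applied"
    return "affected"


if __name__ == "__main__":
    env = {"SOLR_SSL_NEED_CLIENT_AUTH": "true"}  # constructed environment
    for label, xml in (("stock", STOCK_XML), ("patched", PATCHED_XML)):
        print(label, "->", audit(xml, env))
```
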
