[
https://issues.apache.org/jira/browse/SOLR-5868?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13938658#comment-13938658
]
Shawn Heisey commented on SOLR-5868:
------------------------------------
In my opinion, by default, HttpClient should fully verify the certificate for
anything it talks to, including the hostname.
I can understand the motivation here, and I agree that this needs to be
possible ... so make it configurable, but don't make it the default. Or is
there something about this that I'm not grasping?
> HttpClient should be configured to use ALLOW_ALL_HOSTNAME hostname verifier
> to simplify SSL setup
> -------------------------------------------------------------------------------------------------
>
> Key: SOLR-5868
> URL: https://issues.apache.org/jira/browse/SOLR-5868
> Project: Solr
> Issue Type: Improvement
> Affects Versions: 4.7
> Reporter: Steve Davids
> Assignee: Mark Miller
> Fix For: 4.8, 5.0, 4.7.1
>
> Attachments: SOLR-5868.patch
>
>
> The default HttpClient hostname verifier is the
> BROWSER_COMPATIBLE_HOSTNAME_VERIFIER which verifies the hostname that is
> being connected to matches the hostname presented within the certificate.
> This is meant to protect clients that are making external requests out across
> the internet, but requests within the SOLR cluster should be trusted and
> can be relaxed to simplify the SSL/certificate setup process.
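Added example, not part of the original message or of SOLR-5868.patch: a sketch of a configurable hostname verifier that verifies by default, and of what each verifier accepts when a certificate is issued for a different name than the node being contacted. It assumes HttpClient 4.3.x on the classpath; the property name `example.ssl.hostnameVerifier`, the class name, and the hostnames are hypothetical and constructed for illustration.

```java
import javax.net.ssl.SSLException;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.conn.ssl.X509HostnameVerifier;

public class HostnameVerifierChoice {
    // Hypothetical property name for this example; not a Solr setting.
    static final String PROP = "example.ssl.hostnameVerifier";

    // Map a configured mode to an HttpClient 4.3 verifier. Unset means verify;
    // an unrecognized value is an error, so a typo never disables the check.
    static X509HostnameVerifier select(String mode) {
        if (mode == null || mode.equalsIgnoreCase("browser")) {
            return SSLConnectionSocketFactory.BROWSER_COMPATIBLE_HOSTNAME_VERIFIER;
        }
        if (mode.equalsIgnoreCase("strict")) {
            return SSLConnectionSocketFactory.STRICT_HOSTNAME_VERIFIER;
        }
        if (mode.equalsIgnoreCase("allow_all")) {
            System.err.println("WARNING: hostname verification disabled via " + PROP);
            return SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER;
        }
        throw new IllegalArgumentException("Unknown " + PROP + " value: " + mode);
    }

    // True if the verifier accepts 'host' for a certificate carrying these names.
    static boolean accepts(X509HostnameVerifier v, String host, String[] cns, String[] sans) {
        try {
            v.verify(host, cns, sans);
            return true;
        } catch (SSLException e) {
            return false;
        }
    }

    public static void main(String[] args) {
        // Constructed sample: one certificate shared across nodes, issued for a
        // name that is not the node's own hostname.
        String[] cns = {"solr.example.internal"};
        String[] sans = {"solr.example.internal"};
        String node = "node1.example.internal";

        X509HostnameVerifier configured = select(System.getProperty(PROP));
        System.out.println("configured accepts " + node + ": " + accepts(configured, node, cns, sans));
        System.out.println("allow_all accepts " + node + ": " + accepts(select("allow_all"), node, cns, sans));
        System.out.println("browser accepts matching name: " + accepts(select("browser"), cns[0], cns, sans));
    }
}
```

The selected verifier would be passed to `new SSLConnectionSocketFactory(sslContext, verifier)` when building the client; certificate chain validation by the trust store is separate and is not affected by this choice.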