[
https://issues.apache.org/jira/browse/SOLR-5868?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13938667#comment-13938667
]
Steve Davids commented on SOLR-5868:
------------------------------------
No, it can be configurable if we desire, but it will need to come from a system
property since there isn't a global way to set HttpClientUtil params up-front
at startup. This was more of an observation that while using solr in a
distributed fashion it would be a nightmare to keep up with changes to your
certificate when dealing with host names. HttpClient's default value is
completely reasonable for making external requests to other systems but I
believe in this case the reasonable default is to simplify the maintenance
nightmare that ensues with having the stricter policy, especially since all of
the requests are being made within the client's own clustered environment.
> HttpClient should be configured to use ALLOW_ALL_HOSTNAME hostname verifier
> to simplify SSL setup
> -------------------------------------------------------------------------------------------------
>
> Key: SOLR-5868
> URL: https://issues.apache.org/jira/browse/SOLR-5868
> Project: Solr
> Issue Type: Improvement
> Affects Versions: 4.7
> Reporter: Steve Davids
> Assignee: Mark Miller
> Fix For: 4.8, 5.0, 4.7.1
>
> Attachments: SOLR-5868.patch
>
>
> The default HttpClient hostname verifier is the
> BROWSER_COMPATIBLE_HOSTNAME_VERIFIER which verifies the hostname that is
> being connected to matches the hostname presented within the certificate.
> This is meant to protect clients that are making external requests out across
> the internet, but requests within the the SOLR cluster should be trusted and
> can be relaxed to simplify the SSL/certificate setup process.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
