[jira] [Commented] (SOLR-9304) -Dsolr.ssl.checkPeerName=false ignored on master

Fri, 30 Mar 2018 17:12:59 -0700 

    [ 
https://issues.apache.org/jira/browse/SOLR-9304?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16421094#comment-16421094
 ] 

Carlton Findley commented on SOLR-9304:
---------------------------------------

I found an additional issue when testing this out. To support the bin/solr 
commandline tool, I had to add some logic there to read environment variables 
into arguments passed to the JVM. Not sure this is the ideal way to do this but 
does work. I have a patch but it is for 7.2.1, not main, so won't post here. 
But this is the change for linux, similar change needs to be added to solr.cmd. 
Then the solr.in.sh needs to have the value set. Added code in bold:

    if [ -n "$SOLR_SSL_TRUST_STORE_TYPE" ]; then
      SOLR_SSL_OPTS+=" 
-Djavax.net.ssl.trustStoreType=$SOLR_SSL_TRUST_STORE_TYPE"
    fi
  fi
  *if [ -n "$SOLR_SSL_CHECK_PEER_NAME" ]; then*
    *SOLR_SSL_OPTS+=" -Dsolr.ssl.checkPeerName=$SOLR_SSL_CHECK_PEER_NAME"*
  *fi*

> -Dsolr.ssl.checkPeerName=false ignored on master
> ------------------------------------------------
>
>                 Key: SOLR-9304
>                 URL: https://issues.apache.org/jira/browse/SOLR-9304
>             Project: Solr
>          Issue Type: Bug
>      Security Level: Public(Default Security Level. Issues are Public) 
>    Affects Versions: 7.0
>            Reporter: Hoss Man
>            Priority: Major
>         Attachments: SOLR-9304-uses-deprecated.patch, SOLR-9304.patch, 
> SOLR-9304.patch, SOLR-9304.patch, SOLR-9304.patch
>
>
> {{-Dsolr.ssl.checkPeerName=false}} is completely ignored on master...
> {noformat}
> hossman@tray:~/lucene/dev/solr [master] $ find -name \*.java | xargs grep 
> checkPeerName
> ./solrj/src/java/org/apache/solr/client/solrj/impl/HttpClientUtil.java:  
> public static final String SYS_PROP_CHECK_PEER_NAME = 
> "solr.ssl.checkPeerName";
> hossman@tray:~/lucene/dev/solr [master] $ find -name \*.java | xargs grep 
> SYS_PROP_CHECK_PEER_NAME
> ./test-framework/src/java/org/apache/solr/util/SSLTestConfig.java:      
> boolean sslCheckPeerName = 
> toBooleanDefaultIfNull(toBooleanObject(System.getProperty(HttpClientUtil.SYS_PROP_CHECK_PEER_NAME)),
>  true);
> ./solrj/src/java/org/apache/solr/client/solrj/impl/HttpClientUtil.java:  
> public static final String SYS_PROP_CHECK_PEER_NAME = 
> "solr.ssl.checkPeerName";
> {noformat}



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to