super dachuan created NIFI-14353:
------------------------------------
Summary: NiFi 2.0+ failure due to JDK HttpClient rejecting FQDNs with trailing dots
Key: NIFI-14353
URL: https://issues.apache.org/jira/browse/NIFI-14353
Project: Apache NiFi
Issue Type: Bug
Components: Core Framework
Affects Versions: 2.2.0, 2.1.0, 2.0.0
Reporter: super dachuan

After upgrading to NiFi 2.0 or later, the internal HTTP client has been
switched to JDK’s built-in HttpClient. This change introduces a strict
validation check on server names via the SNIHostName class, which now rejects
FQDNs that end with a trailing dot. In our environment, NiFi nodes are deployed
as containers in a Kubernetes cluster where it is common to use FQDNs (with a
trailing dot) as the host. Consequently, this leads to immediate login failures
with the following error:
{code:java}
java.lang.IllegalArgumentException: Server name value of host_name cannot have the trailing dot
    at java.net.http/jdk.internal.net.http.HttpClientImpl.send(HttpClientImpl.java:941)
    at java.net.http/jdk.internal.net.http.HttpClientFacade.send(HttpClientFacade.java:133)
    at org.apache.nifi.web.client.StandardWebClientService$StandardHttpRequestBodySpec.getResponse(StandardWebClientService.java:354)
    at org.apache.nifi.web.client.StandardWebClientService$StandardHttpRequestBodySpec.retrieve(StandardWebClientService.java:339)
    at org.apache.nifi.cluster.coordination.http.replication.client.StandardHttpReplicationClient.replicate(StandardHttpReplicationClient.java:204)
    at org.apache.nifi.cluster.coordination.http.replication.client.StandardHttpReplicationClient.replicate(StandardHttpReplicationClient.java:198)
    at org.apache.nifi.cluster.coordination.http.replication.client.StandardHttpReplicationClient.replicate(StandardHttpReplicationClient.java:148)
    at org.apache.nifi.cluster.coordination.http.replication.ThreadPoolRequestReplicator.replicateRequest(ThreadPoolRequestReplicator.java:641)
    at org.apache.nifi.cluster.coordination.http.replication.ThreadPoolRequestReplicator$NodeHttpRequest.run(ThreadPoolRequestReplicator.java:860)
    at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:572)
    at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:317)
    at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1144)
    at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:642)
    at java.base/java.lang.Thread.run(Thread.java:1583)
Caused by: java.lang.IllegalArgumentException: Server name value of host_name cannot have the trailing dot
    at java.base/javax.net.ssl.SNIHostName.checkHostName(SNIHostName.java:319)
    at java.base/javax.net.ssl.SNIHostName.<init>(SNIHostName.java:109)
    at java.net.http/jdk.internal.net.http.AbstractAsyncSSLConnection.createSSLParameters(AbstractAsyncSSLConnection.java:127)
    at java.net.http/jdk.internal.net.http.AbstractAsyncSSLConnection.<init>(AbstractAsyncSSLConnection.java:78)
    at java.net.http/jdk.internal.net.http.AsyncSSLConnection.<init>(AsyncSSLConnection.java:48)
    at java.net.http/jdk.internal.net.http.HttpConnection.getSSLConnection(HttpConnection.java:306)
    at java.net.http/jdk.internal.net.http.HttpConnection.getConnection(HttpConnection.java:292)
    at java.net.http/jdk.internal.net.http.Http2Connection.createAsync(Http2Connection.java:518)
    at java.net.http/jdk.internal.net.http.Http2ClientImpl.getConnectionFor(Http2ClientImpl.java:138)
    at java.net.http/jdk.internal.net.http.ExchangeImpl.get(ExchangeImpl.java:94)
    at java.net.http/jdk.internal.net.http.Exchange.establishExchange(Exchange.java:391)
    at java.net.http/jdk.internal.net.http.Exchange.responseAsyncImpl0(Exchange.java:584)
    at java.net.http/jdk.internal.net.http.Exchange.responseAsyncImpl(Exchange.java:428)
    at java.net.http/jdk.internal.net.http.Exchange.responseAsync(Exchange.java:420)
    at java.net.http/jdk.internal.net.http.MultiExchange.responseAsyncImpl(MultiExchange.java:413)
    at java.net.http/jdk.internal.net.http.MultiExchange.lambda$responseAsync0$2(MultiExchange.java:346)
    at java.base/java.util.concurrent.CompletableFuture$UniCompose.tryFire(CompletableFuture.java:1150)
    at java.base/java.util.concurrent.CompletableFuture.postComplete(CompletableFuture.java:510)
    at java.base/java.util.concurrent.CompletableFuture$AsyncSupply.run(CompletableFuture.java:1773)
    at java.net.http/jdk.internal.net.http.HttpClientImpl$DelegatingExecutor.execute(HttpClientImpl.java:177)
    at java.base/java.util.concurrent.CompletableFuture.completeAsync(CompletableFuture.java:2719)
    at java.net.http/jdk.internal.net.http.MultiExchange.responseAsync(MultiExchange.java:299)
    at java.net.http/jdk.internal.net.http.HttpClientImpl.sendAsync(HttpClientImpl.java:1049)
    at java.net.http/jdk.internal.net.http.HttpClientImpl.send(HttpClientImpl.java:930)
    ... 13 common frames omitted
{code}
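The failure reported above can be reproduced outside NiFi, and one caller-side normalization is sketched here. This is an added example, not code from the issue or from the NiFi project; the class name, helper names and sample hostname are assumptions constructed for illustration.

```java
import java.net.URI;
import javax.net.ssl.SNIHostName;

public class TrailingDotSni {

    // True if the JDK accepts the name as a TLS SNI host_name value.
    static boolean acceptedAsSni(String host) {
        try {
            new SNIHostName(host);
            return true;
        } catch (IllegalArgumentException e) {
            // Same check that fails in the stack trace above (SNIHostName.checkHostName).
            System.out.println("rejected: " + e.getMessage());
            return false;
        }
    }

    // Hypothetical helper: drop one trailing dot from the URI host, keeping the
    // raw (still percent-encoded) user info, path, query and fragment untouched.
    static URI stripTrailingDot(URI uri) {
        String host = uri.getHost();
        if (uri.getScheme() == null || host == null || host.length() < 2 || !host.endsWith(".")) {
            return uri; // relative or opaque URI, IP literal, or already dot-less
        }
        StringBuilder sb = new StringBuilder(uri.getScheme()).append("://");
        if (uri.getRawUserInfo() != null) sb.append(uri.getRawUserInfo()).append('@');
        sb.append(host, 0, host.length() - 1);
        if (uri.getPort() != -1) sb.append(':').append(uri.getPort());
        if (uri.getRawPath() != null) sb.append(uri.getRawPath());
        if (uri.getRawQuery() != null) sb.append('?').append(uri.getRawQuery());
        if (uri.getRawFragment() != null) sb.append('#').append(uri.getRawFragment());
        return URI.create(sb.toString());
    }

    public static void main(String[] args) {
        // Constructed sample: a Kubernetes-style absolute FQDN with a trailing dot.
        URI original = URI.create("https://nifi-0.nifi.svc.cluster.local.:8443/nifi-api/flow?q=a%2Fb");
        URI normalized = stripTrailingDot(original);

        System.out.println(original.getHost() + " -> " + acceptedAsSni(original.getHost()));
        System.out.println(normalized.getHost() + " -> " + acceptedAsSni(normalized.getHost()));
        System.out.println("normalized URI: " + normalized);
    }
}
```

RFC 6066 defines the SNI host name as carrying no trailing dot, so the dot-less form is also the one TLS hostname verification compares against the certificate. Removing the dot makes the name relative for the resolver again, so the DNS search list (and the `ndots` setting in Kubernetes pods) applies to the lookup.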