[
https://issues.apache.org/jira/browse/NIFI-14353?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17934406#comment-17934406
]
super dachuan commented on NIFI-14353:
--------------------------------------
[~exceptionfactory] I tested modifying the host configuration during the
upgrade process and found that avoiding the use of FQDN (with a trailing dot)
allows successful access. Thank you for your suggestions, Given that this
resolves the issue in my environment, I will proceed with closing this ticket.
> NiFi 2.0+ failure due to JDK HttpClient rejecting FQDNs with trailing dots
> --------------------------------------------------------------------------
>
> Key: NIFI-14353
> URL: https://issues.apache.org/jira/browse/NIFI-14353
> Project: Apache NiFi
> Issue Type: Bug
> Components: Core Framework
> Affects Versions: 2.0.0, 2.1.0, 2.2.0
> Reporter: super dachuan
> Priority: Major
>
> After upgrading to NiFi 2.0 or later, the internal HTTP client has been
> switched to JDK’s built-in HttpClient. This change introduces a strict
> validation check on server names via the SNIHostName class, which now rejects
> FQDNs that end with a trailing dot. In our environment, NiFi nodes are
> deployed as containers in a Kubernetes cluster where it is common to use
> FQDNs (with a trailing dot) as the host. Consequently, this leads to
> immediate login failures with the following error:
> {code:java}
> java.lang.IllegalArgumentException: Server name value of host_name cannot
> have the trailing dot
> at
> java.net.http/jdk.internal.net.http.HttpClientImpl.send(HttpClientImpl.java:941)
> at
> java.net.http/jdk.internal.net.http.HttpClientFacade.send(HttpClientFacade.java:133)
> at
> org.apache.nifi.web.client.StandardWebClientService$StandardHttpRequestBodySpec.getResponse(StandardWebClientService.java:354)
> at
> org.apache.nifi.web.client.StandardWebClientService$StandardHttpRequestBodySpec.retrieve(StandardWebClientService.java:339)
> at
> org.apache.nifi.cluster.coordination.http.replication.client.StandardHttpReplicationClient.replicate(StandardHttpReplicationClient.java:204)
> at
> org.apache.nifi.cluster.coordination.http.replication.client.StandardHttpReplicationClient.replicate(StandardHttpReplicationClient.java:198)
> at
> org.apache.nifi.cluster.coordination.http.replication.client.StandardHttpReplicationClient.replicate(StandardHttpReplicationClient.java:148)
> at
> org.apache.nifi.cluster.coordination.http.replication.ThreadPoolRequestReplicator.replicateRequest(ThreadPoolRequestReplicator.java:641)
> at
> org.apache.nifi.cluster.coordination.http.replication.ThreadPoolRequestReplicator$NodeHttpRequest.run(ThreadPoolRequestReplicator.java:860)
> at
> java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:572)
> at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:317)
> at
> java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1144)
> at
> java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:642)
> at java.base/java.lang.Thread.run(Thread.java:1583)
> Caused by: java.lang.IllegalArgumentException: Server name value of host_name
> cannot have the trailing dot
> at
> java.base/javax.net.ssl.SNIHostName.checkHostName(SNIHostName.java:319)
> at java.base/javax.net.ssl.SNIHostName.<init>(SNIHostName.java:109)
> at
> java.net.http/jdk.internal.net.http.AbstractAsyncSSLConnection.createSSLParameters(AbstractAsyncSSLConnection.java:127)
> at
> java.net.http/jdk.internal.net.http.AbstractAsyncSSLConnection.<init>(AbstractAsyncSSLConnection.java:78)
> at
> java.net.http/jdk.internal.net.http.AsyncSSLConnection.<init>(AsyncSSLConnection.java:48)
> at
> java.net.http/jdk.internal.net.http.HttpConnection.getSSLConnection(HttpConnection.java:306)
> at
> java.net.http/jdk.internal.net.http.HttpConnection.getConnection(HttpConnection.java:292)
> at
> java.net.http/jdk.internal.net.http.Http2Connection.createAsync(Http2Connection.java:518)
> at
> java.net.http/jdk.internal.net.http.Http2ClientImpl.getConnectionFor(Http2ClientImpl.java:138)
> at
> java.net.http/jdk.internal.net.http.ExchangeImpl.get(ExchangeImpl.java:94)
> at
> java.net.http/jdk.internal.net.http.Exchange.establishExchange(Exchange.java:391)
> at
> java.net.http/jdk.internal.net.http.Exchange.responseAsyncImpl0(Exchange.java:584)
> at
> java.net.http/jdk.internal.net.http.Exchange.responseAsyncImpl(Exchange.java:428)
> at
> java.net.http/jdk.internal.net.http.Exchange.responseAsync(Exchange.java:420)
> at
> java.net.http/jdk.internal.net.http.MultiExchange.responseAsyncImpl(MultiExchange.java:413)
> at
> java.net.http/jdk.internal.net.http.MultiExchange.lambda$responseAsync0$2(MultiExchange.java:346)
> at
> java.base/java.util.concurrent.CompletableFuture$UniCompose.tryFire(CompletableFuture.java:1150)
> at
> java.base/java.util.concurrent.CompletableFuture.postComplete(CompletableFuture.java:510)
> at
> java.base/java.util.concurrent.CompletableFuture$AsyncSupply.run(CompletableFuture.java:1773)
> at
> java.net.http/jdk.internal.net.http.HttpClientImpl$DelegatingExecutor.execute(HttpClientImpl.java:177)
> at
> java.base/java.util.concurrent.CompletableFuture.completeAsync(CompletableFuture.java:2719)
> at
> java.net.http/jdk.internal.net.http.MultiExchange.responseAsync(MultiExchange.java:299)
> at
> java.net.http/jdk.internal.net.http.HttpClientImpl.sendAsync(HttpClientImpl.java:1049)
> at
> java.net.http/jdk.internal.net.http.HttpClientImpl.send(HttpClientImpl.java:930)
> ... 13 common frames omitted{code}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
