[ https://issues.apache.org/jira/browse/NIFI-14858?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18013735#comment-18013735 ]

Lars Francke commented on NIFI-14858:
-------------------------------------

[~joewitt] We've interacted before, it's been a while but I hope you trust me 
enough to believe that this was not meant in the way you presented it (I do 
agree that this is how it could be summarised) but I opened this in good faith 
and also the missing docs are in good faith. We don't even disagree on that and 
I'm happy to document this as well.

But you're absolutely correct in your suggestion: If we can find another way of 
enabling these use-cases I'm more than happy as well. I'm not tied to this 
particular solution at all.

> Make SNI checking configurable
> ------------------------------
>
>                 Key: NIFI-14858
>                 URL: https://issues.apache.org/jira/browse/NIFI-14858
>             Project: Apache NiFi
>          Issue Type: Improvement
>    Affects Versions: 2.5.0
>            Reporter: Lars Francke
>            Assignee: Lars Francke
>            Priority: Minor
>          Time Spent: 0.5h
>  Remaining Estimate: 0h
>
> As of NiFi 2.0 SNI certificates are required and the host must match.
> This is a problem for us (and others) when there is for example a load 
> balancer in front which does not match the host name of NiFi.
> Instead of disabling the SNI check by default this makes it configurable.
>  
> I propose introducing two new configuration properties:
>  * nifi.web.https.sni.required (whether a SNI certificate is required)
>  * nifi.web.https.sni.host.check (whether to check the Host from the SNI 
> certificate against the incoming request)



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
