nifi-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From alopresto <...@git.apache.org>
Subject [GitHub] nifi pull request #611: NIFI-2119 Fixed 0.7.0 release blocker for cluster se...
Date Wed, 06 Jul 2016 18:33:27 GMT
GitHub user alopresto opened a pull request:

    https://github.com/apache/nifi/pull/611

    NIFI-2119 Fixed 0.7.0 release blocker for cluster secure communications

    The client and server sockets were being treated the same when attempting to extract the
peer certificate DN (server sockets should not be subject to the influence of `nifi.security.needClientAuth`
in `nifi.properties`). 
    
    This has been tested on 2- and 3-node clusters with `needClientAuth` set to both *true*
and *false*. 

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/alopresto/nifi NIFI-2119

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/nifi/pull/611.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #611
    
----
commit 361e07a78cd0abd52b5ab144b7cdeba60af17ede
Author: Andy LoPresto <alopresto@apache.org>
Date:   2016-07-05T04:05:58Z

    NIFI-2119 Refactored CertificateUtils to separate logic for DN extraction from server/client
sockets. Added logic to detect server/client mode encapsulated in exposed method.
    Added unit tests for DN extraction.
    Corrected typo in Javadoc.

commit bed4bb3046e97aa719624df846a2c2b86015fe6d
Author: Andy LoPresto <alopresto@apache.org>
Date:   2016-07-06T17:05:44Z

    NIFI-2119 Switched server/client socket logic for certificate extraction -- when the local
socket is in client/server mode, the peer is necessarily the inverse.
    Fixed unit tests.
    Moved lazy-loading authentication access out of isDebugEnabled() control branch.

----


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---

Mime
View raw message