nifi-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF GitHub Bot (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (NIFI-2266) GetHTTP and PutHTTP use hard-coded TLS protocol version
Date Mon, 12 Sep 2016 20:59:21 GMT 

    [ https://issues.apache.org/jira/browse/NIFI-2266?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15485276#comment-15485276
] 

ASF GitHub Bot commented on NIFI-2266:
--------------------------------------

Github user pvillard31 commented on the issue:

    https://github.com/apache/nifi/pull/999
  
    Hey @alopresto,
    
    I have this unit test failing:
    ````
    Tests run: 7, Failures: 1, Errors: 0, Skipped: 0, Time elapsed: 0.999 sec <<<
FAILURE! - in org.apache.nifi.processors.standard.TestGetHTTPGroovy
    testGetHTTPShouldConnectToServerWithTLSv1(org.apache.nifi.processors.standard.TestGetHTTPGroovy)
 Time elapsed: 0.094 sec  <<< FAILURE!
    java.lang.AssertionError: expected:<1> but was:<2>
    	at org.junit.Assert.fail(Assert.java:88)
    	at org.junit.Assert.failNotEquals(Assert.java:834)
    	at org.junit.Assert.assertEquals(Assert.java:645)
    	at org.junit.Assert.assertEquals(Assert.java:631)
    	at org.apache.nifi.util.StandardProcessorTestRunner.assertTransferCount(StandardProcessorTestRunner.java:318)
    	at org.apache.nifi.util.StandardProcessorTestRunner.assertAllFlowFilesTransferred(StandardProcessorTestRunner.java:313)
    	at org.apache.nifi.util.TestRunner$assertAllFlowFilesTransferred$5.call(Unknown Source)
    	at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCall(CallSiteArray.java:48)
    	at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:113)
    	at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:133)
    	at org.apache.nifi.processors.standard.TestGetHTTPGroovy$_testGetHTTPShouldConnectToServerWithTLSv1_closure7.doCall(TestGetHTTPGroovy.groovy:331)
    	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    	at java.lang.reflect.Method.invoke(Method.java:498)
    	at org.codehaus.groovy.reflection.CachedMethod.invoke(CachedMethod.java:93)
    	at groovy.lang.MetaMethod.doMethodInvoke(MetaMethod.java:325)
    	at org.codehaus.groovy.runtime.metaclass.ClosureMetaClass.invokeMethod(ClosureMetaClass.java:294)
    	at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:1019)
    	at groovy.lang.Closure.call(Closure.java:426)
    	at groovy.lang.Closure.call(Closure.java:442)
    	at org.codehaus.groovy.runtime.DefaultGroovyMethods.each(DefaultGroovyMethods.java:2030)
    	at org.codehaus.groovy.runtime.DefaultGroovyMethods.each(DefaultGroovyMethods.java:2015)
    	at org.codehaus.groovy.runtime.DefaultGroovyMethods.each(DefaultGroovyMethods.java:2056)
    	at org.codehaus.groovy.runtime.dgm$162.invoke(Unknown Source)
    	at org.codehaus.groovy.runtime.callsite.PojoMetaMethodSite$PojoMetaMethodSiteNoUnwrapNoCoerce.invoke(PojoMetaMethodSite.java:274)
    	at org.codehaus.groovy.runtime.callsite.PojoMetaMethodSite.call(PojoMetaMethodSite.java:56)
    	at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCall(CallSiteArray.java:48)
    	at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:113)
    	at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:125)
    	at org.apache.nifi.processors.standard.TestGetHTTPGroovy.testGetHTTPShouldConnectToServerWithTLSv1(TestGetHTTPGroovy.groovy:324)
    ````
    
    And the logs I have when only running this test in Eclipse:
    ````
    [main] INFO org.eclipse.jetty.util.log - Logging initialized @1147ms
    [main] INFO org.apache.nifi.processors.standard.TestGetHTTPGroovy - Created server with
supported protocols: [TLSv1, TLSv1.1, TLSv1.2]
    [main] INFO org.apache.nifi.processors.standard.TestGetHTTPGroovy - JCE unlimited strength
installed: false
    [main] INFO org.apache.nifi.processors.standard.TestGetHTTPGroovy - Supported client cipher
suites: [...]
    [main] INFO org.apache.nifi.processors.standard.TestGetHTTPGroovy - Created server with
supported protocols: [TLSv1]
    [main] INFO org.eclipse.jetty.server.Server - jetty-9.3.9.v20160517
    [main] INFO org.eclipse.jetty.server.handler.ContextHandler - Started o.e.j.s.ServletContextHandler@1a914089{/,file:///.../nifi/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/test/resources/TestGetHTTP/,AVAILABLE}
    [main] INFO org.eclipse.jetty.util.ssl.SslContextFactory - x509=X509@2b999ee8(localhost,h=[],w=[])
for SslContextFactory@31ab1e67(file:///.../nifi/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/test/resources/localhost-ks.jks,null)
    [main] INFO org.eclipse.jetty.util.ssl.SslContextFactory - x509=X509@29bbc391(mykey,h=[],w=[])
for SslContextFactory@31ab1e67(file:///.../nifi/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/test/resources/localhost-ks.jks,null)
    [main] INFO org.eclipse.jetty.server.AbstractConnector - Started ServerConnector@5bb8e6fc{SSL,[ssl,
http/1.1]}{localhost:8456}
    [main] INFO org.eclipse.jetty.server.Server - Started @2219ms
    [main] INFO org.apache.nifi.processors.standard.TestGetHTTPGroovy - Set context service
protocol to TLSv1
    [main] INFO org.apache.nifi.processors.standard.TestGetHTTPGroovy - GetHTTP supported
protocols: TLSv1
    [main] INFO org.apache.nifi.processors.standard.TestGetHTTPGroovy - GetHTTP supported
cipher suites: [...]
    [pool-1-thread-1] WARN org.apache.nifi.processors.standard.GetHTTP - GetHTTP[id=7352e3c6-dd19-4954-bcf6-6b25a8870641]
found FlowFile FlowFile[0,2652169680397441.mockFlowFile,22B] in input queue; transferring
to success
    [qtp1784053627-18] INFO / - Groovy servlet initialized on groovy.util.GroovyScriptEngine@6d2347a2.
    [pool-1-thread-1] INFO org.apache.nifi.processors.standard.GetHTTP - GetHTTP[id=7352e3c6-dd19-4954-bcf6-6b25a8870641]
Successfully received FlowFile[1,mockFlowfile_1473713477596,0B] from https://localhost:8456/GetHandler.groovy
at a rate of 0 bytes/sec; transferred to success
    [main] INFO org.eclipse.jetty.server.AbstractConnector - Stopped ServerConnector@5bb8e6fc{SSL,[ssl,
http/1.1]}{localhost:8456}
    [main] INFO org.eclipse.jetty.server.handler.ContextHandler - Stopped o.e.j.s.ServletContextHandler@1a914089{/,file:///.../nifi/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/test/resources/TestGetHTTP/,UNAVAILABLE}
    ````


> GetHTTP and PutHTTP use hard-coded TLS protocol version
> -------------------------------------------------------
>
>                 Key: NIFI-2266
>                 URL: https://issues.apache.org/jira/browse/NIFI-2266
>             Project: Apache NiFi
>          Issue Type: Bug
>          Components: Core Framework
>    Affects Versions: 0.7.0, 0.6.1
>            Reporter: Andy LoPresto
>            Assignee: Andy LoPresto
>              Labels: https, security, tls
>   Original Estimate: 1h
>  Remaining Estimate: 1h
>
> As pointed out on the mailing list [1], the {{GetHTTP}} (and likely {{PutHTTP}}) processors
use a hard-coded TLS protocol version. {{PostHTTP}} also did this and was fixed by [NIFI-1688].

> The same fix should apply here and unit tests already exist which can be applied to the
other processors as well. 
> For future notice, {{InvokeHTTP}} is a better processor for generic HTTP operations and
has supported reading the TLS protocol version from the {{SSLContextService}} for some time.

> [1] https://lists.apache.org/thread.html/a48e2ebbc2231d685491ae6b856c760620efca5bff2c7249f915b24d@%3Cdev.nifi.apache.org%3E



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
Mime
View raw message