From 2ddcfd8533c6760f8d30a7d97b0b4cee879e530a Mon Sep 17 00:00:00 2001 From: Sebastian Bernauer Date: Thu, 24 Oct 2024 15:52:34 +0200 Subject: [PATCH 1/2] feat: Disable NiFi 2.0 SNI check --- CHANGELOG.md | 1 + .../patches/2.0.0-M4/004-disable-sni-check.patch | 13 +++++++++++++ 2 files changed, 14 insertions(+) create mode 100644 nifi/stackable/patches/2.0.0-M4/004-disable-sni-check.patch diff --git a/CHANGELOG.md b/CHANGELOG.md index f5b7dc5dd..45db1cdf8 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -35,6 +35,7 @@ All notable changes to this project will be documented in this file. - Make username, user id, group id configurable, use numeric ids everywhere, change group of all files to 0 ([#849], [#890], [#897]). - ci: Bump `stackabletech/actions` to 0.0.7 ([#901], [#903]). - ubi-rust-builder: Bump Rust toolchain to 1.81.0 ([#902]). +- nifi: Disable the SNI check in NiFi 2.0, see [the decision](https://github.com/stackabletech/decisions/issues/34) ([#XXX]). ### Removed diff --git a/nifi/stackable/patches/2.0.0-M4/004-disable-sni-check.patch b/nifi/stackable/patches/2.0.0-M4/004-disable-sni-check.patch new file mode 100644 index 000000000..a6b0eb914 --- /dev/null +++ b/nifi/stackable/patches/2.0.0-M4/004-disable-sni-check.patch @@ -0,0 +1,13 @@ +diff --git a/nifi-commons/nifi-jetty-configuration/src/main/java/org/apache/nifi/jetty/configuration/connector/StandardServerConnectorFactory.java b/nifi-commons/nifi-jetty-configuration/src/main/java/org/apache/nifi/jetty/configuration/connector/StandardServerConnectorFactory.java +index 1f36ca1116..87e04091c9 100644 +--- a/nifi-commons/nifi-jetty-configuration/src/main/java/org/apache/nifi/jetty/configuration/connector/StandardServerConnectorFactory.java ++++ b/nifi-commons/nifi-jetty-configuration/src/main/java/org/apache/nifi/jetty/configuration/connector/StandardServerConnectorFactory.java +@@ -183,6 +183,8 @@ public class StandardServerConnectorFactory implements ServerConnectorFactory { + httpConfiguration.setSendServerVersion(SEND_SERVER_VERSION); + + final SecureRequestCustomizer secureRequestCustomizer = new SecureRequestCustomizer(); ++ // Disable the SNI check, see https://github.com/stackabletech/decisions/issues/34 ++ secureRequestCustomizer.setSniHostCheck(false); + httpConfiguration.addCustomizer(secureRequestCustomizer); + } + From e1fca41f98e9e27f19716a7193dd92942a16b579 Mon Sep 17 00:00:00 2001 From: Sebastian Bernauer Date: Thu, 24 Oct 2024 15:53:45 +0200 Subject: [PATCH 2/2] changelog --- CHANGELOG.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 45db1cdf8..09c7a1d65 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -35,7 +35,7 @@ All notable changes to this project will be documented in this file. - Make username, user id, group id configurable, use numeric ids everywhere, change group of all files to 0 ([#849], [#890], [#897]). - ci: Bump `stackabletech/actions` to 0.0.7 ([#901], [#903]). - ubi-rust-builder: Bump Rust toolchain to 1.81.0 ([#902]). -- nifi: Disable the SNI check in NiFi 2.0, see [the decision](https://github.com/stackabletech/decisions/issues/34) ([#XXX]). +- nifi: Disable the SNI check in NiFi 2.0, see [the decision](https://github.com/stackabletech/decisions/issues/34) ([#908]). ### Removed @@ -94,6 +94,7 @@ All notable changes to this project will be documented in this file. [#901]: https://github.com/stackabletech/docker-images/pull/901 [#902]: https://github.com/stackabletech/docker-images/pull/902 [#903]: https://github.com/stackabletech/docker-images/pull/903 +[#908]: https://github.com/stackabletech/docker-images/pull/908 ## [24.7.0] - 2024-07-24