diff options
author | Bjørn Christian Seime <bjorn.christian@seime.no> | 2019-02-20 15:14:19 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2019-02-20 15:14:19 +0100 |
commit | 89bd2ef74191280ea516066acf6f95f1a28ba0b8 (patch) | |
tree | 501a4a8f722ca0fa13f1f9d463cc21ab4ab01550 | |
parent | 85e394563c8b711a1a0307c8ac5953c1817f5629 (diff) | |
parent | 489fbaba9d48999e0336a91255d5868addc46c2c (diff) |
Merge pull request #8559 from vespa-engine/bjorncs/upgrade-jetty
Bjorncs/upgrade jetty
4 files changed, 4 insertions, 2 deletions
diff --git a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/ConfigserverSslContextFactoryProvider.java b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/ConfigserverSslContextFactoryProvider.java index 1a7224fdc71..61ac8f7a7e2 100644 --- a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/ConfigserverSslContextFactoryProvider.java +++ b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/ConfigserverSslContextFactoryProvider.java @@ -124,6 +124,7 @@ public class ConfigserverSslContextFactoryProvider extends AbstractComponent imp .orElseGet(() -> updateKeystore(configserverIdentity, generateKeystorePassword(), keyProvider, ztsClient, zoneConfig)); factory.setKeyStore(keyStore); factory.setKeyStorePassword(""); + factory.setEndpointIdentificationAlgorithm(null); // disable https hostname verification of clients (must be disabled when using Athenz x509 certificates) return factory; } diff --git a/container-dependency-versions/pom.xml b/container-dependency-versions/pom.xml index 0f971078ffb..48cd9da9a01 100644 --- a/container-dependency-versions/pom.xml +++ b/container-dependency-versions/pom.xml @@ -452,7 +452,7 @@ <guava.version>20.0</guava.version> <guice.version>3.0</guice.version> <jaxb.version>2.3.0</jaxb.version> - <jetty.version>9.4.14.v20181114</jetty.version> + <jetty.version>9.4.15.v20190215</jetty.version> <slf4j.version>1.7.5</slf4j.version> <!-- These must be kept in sync with version used by current jersey2.version. --> diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/tls/ControllerSslContextFactoryProvider.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/tls/ControllerSslContextFactoryProvider.java index d20c86528a5..dcc61b13bab 100644 --- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/tls/ControllerSslContextFactoryProvider.java +++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/tls/ControllerSslContextFactoryProvider.java @@ -63,6 +63,7 @@ public class ControllerSslContextFactoryProvider extends AbstractComponent imple factory.setTrustStore(truststore); factory.setKeyStore(keystore); factory.setKeyStorePassword(""); + factory.setEndpointIdentificationAlgorithm(null); // disable https hostname verification of clients (must be disabled when using Athenz x509 certificates) return factory; } diff --git a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/ssl/impl/DefaultSslContextFactoryProvider.java b/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/ssl/impl/DefaultSslContextFactoryProvider.java index c381ba738a3..f9cdefeb5e8 100644 --- a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/ssl/impl/DefaultSslContextFactoryProvider.java +++ b/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/ssl/impl/DefaultSslContextFactoryProvider.java @@ -16,7 +16,6 @@ import java.nio.file.Paths; import java.security.KeyStore; import java.security.PrivateKey; import java.security.cert.X509Certificate; -import java.util.Arrays; import java.util.List; /** @@ -55,6 +54,7 @@ public class DefaultSslContextFactoryProvider implements SslContextFactoryProvid factory.setTrustStore(createTruststore(sslConfig)); } factory.setProtocol("TLS"); + factory.setEndpointIdentificationAlgorithm(null); // disable hostname verification of client certs return factory; } |