From b2bf4862609ac942b5f7b5504da67f346e6320fd Mon Sep 17 00:00:00 2001
From: Bryan Bende <bbende@apache.org>
Date: Wed, 13 Dec 2017 15:02:30 -0500
Subject: [PATCH] NIFIREG-71 Making JettyServer set wantClientAuth to true when
 needClientAuth is false

---
 .../org/apache/nifi/registry/jetty/JettyServer.java  | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/nifi-registry-jetty/src/main/java/org/apache/nifi/registry/jetty/JettyServer.java b/nifi-registry-jetty/src/main/java/org/apache/nifi/registry/jetty/JettyServer.java
index db3129b39..459a61b76 100644
--- a/nifi-registry-jetty/src/main/java/org/apache/nifi/registry/jetty/JettyServer.java
+++ b/nifi-registry-jetty/src/main/java/org/apache/nifi/registry/jetty/JettyServer.java
@@ -160,10 +160,14 @@ private void configureConnectors() {
     private SslContextFactory createSslContextFactory() {
         final SslContextFactory contextFactory = new SslContextFactory();
 
-        logger.error("" + properties.getNeedClientAuth());
-
-        // need client auth
-        contextFactory.setNeedClientAuth(properties.getNeedClientAuth());
+        // if needClientAuth is false then set want to true so we can optionally use certs
+        if (properties.getNeedClientAuth()) {
+            logger.info("Setting Jetty's SSLContextFactory needClientAuth to true");
+            contextFactory.setNeedClientAuth(true);
+        } else {
+            logger.info("Setting Jetty's SSLContextFactory wantClientAuth to true");
+            contextFactory.setWantClientAuth(true);
+        }
 
         /* below code sets JSSE system properties when values are provided */
         // keystore properties