pulsar-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From GitBox <...@apache.org>
Subject [GitHub] ivankelly opened a new issue #3333: TLS Hostname verification doesn't get disabled if using https lookup in PulsarClient
Date Tue, 08 Jan 2019 15:46:16 GMT
ivankelly opened a new issue #3333: TLS Hostname verification doesn't get disabled if using
https lookup in PulsarClient
URL: https://github.com/apache/pulsar/issues/3333
 
 
   **Describe the bug**
   If you connect to a broker using a https lookup url, and the cert doesn't match the hostname,
and hostname verification is disabled, it will complain about the hostname.
   
   **To Reproduce**
   Steps to reproduce the behavior:
   1. Configure a cluster with TLS authentication. The broker hostname shouldn't match the
cert CN.
   2. 
   ```java
   PulsarClient.builder()
               .serviceUrl("https://BROKER_HOSTNAME:8443")
               .enableTlsHostnameVerification(false)
               .authentication("org.apache.pulsar.client.impl.auth.AuthenticationTls",
                                        "tlsCertFile:PATH_TO_CERT,tlsKeyFile:PATH_TO_KEY")
               .tlsTrustCertsFilePath(PATH_TO_CA).build();
   ```
   3. The  client will fail to connect and give an error about the hostname.
   
   **Expected behavior**
   It shouldn't try to verify the hostname.
   

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services

Mime
View raw message