Support hostname verification on proxy to broker connection #1214
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
rdhabalia
added
type/enhancement
merlimat
reviewed
Feb 10, 2018
pulsar-proxy/pom.xml
Outdated
| <dependency> | ||
| <groupId>commons-logging</groupId> | ||
| <artifactId>commons-logging</artifactId> | ||
| <version>1.1.1</version> |
There was a problem hiding this comment.
We shouldn't need version here.
There was a problem hiding this comment.
that's true, it's already part of pulsar-client-original so, need to include here.
conf/proxy.conf
Outdated
| @@ -74,3 +74,6 @@ tlsCertificateFilePath= | |||
|
|
|||
| # Path for the TLS private key file | |||
| tlsKeyFilePath= | |||
|
|
|||
| # Validates hostname when proxy creates tls connection with broker | |||
| isTlsHostnameVerificationEnable=false | |||
There was a problem hiding this comment.
-> isTlsHostnameVerificationEnabled ?
or
enableTlsHostnameVerification
There was a problem hiding this comment.
as all the tls related config has tls prefix so, I have renamed it to tlsHostnameVerificationEnabled
|
@rdhabalia Can you also create an issue for adding hostname verification in C++? |
|
sure, created : #1215 |
jai1
pushed a commit
that referenced
this pull request
Feb 14, 2018
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Motivation
In #1208, we have added support for hostname verification at client when client creates tls connection with broker and proxy.
However, if proxy is also not in local n/w then it would also require to support hostname verification when it connects with broker.
Modifications
add option at proxy which forces proxy to do hostname verification when it connects to broker.
Result
proxy can support hostname verification when it connects to broker.
After your change, what will change.