[pulsar] branch master updated: [fix][broker] Fix create client with TLS config (#16014)

Wed, 15 Jun 2022 06:41:12 -0700 

This is an automated email from the ASF dual-hosted git repository.

penghui pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/pulsar.git


The following commit(s) were added to refs/heads/master by this push:
     new 22057ca0296 [fix][broker] Fix create client with TLS config (#16014)
22057ca0296 is described below

commit 22057ca0296e4eb6e0c9d41bc10e24bdbdc71efc
Author: Zixuan Liu <node...@gmail.com>
AuthorDate: Wed Jun 15 21:40:25 2022 +0800

    [fix][broker] Fix create client with TLS config (#16014)
    
    ### Motivation
    
    In PulsarService, create a client with an incorrect config.
    
    When `tlsEnabled` is `true`, and `brokerClientTlsEnabled` is `false`, users 
will meet `Failed reason: General OpenSslEngine problem`, due to 
`tlsTrustCertsFilePath` is incorrect.
    
    ### Modifications
    
    - Fix check TLS enable
    - Setup ciphers and protocols
    - Remove duplicate setTlsTrustCertsFilePath
---
 .../src/main/java/org/apache/pulsar/broker/PulsarService.java | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git 
a/pulsar-broker/src/main/java/org/apache/pulsar/broker/PulsarService.java 
b/pulsar-broker/src/main/java/org/apache/pulsar/broker/PulsarService.java
index 920cbf8d689..afa599411bc 100644
--- a/pulsar-broker/src/main/java/org/apache/pulsar/broker/PulsarService.java
+++ b/pulsar-broker/src/main/java/org/apache/pulsar/broker/PulsarService.java
@@ -1418,12 +1418,13 @@ public class PulsarService implements AutoCloseable, 
ShutdownService {
                 ClientConfigurationData conf =
                         ConfigurationDataUtils.loadData(overrides, 
initialConf, ClientConfigurationData.class);
 
-                conf.setServiceUrl(this.getConfiguration().isTlsEnabled()
-                                ? this.brokerServiceUrlTls : 
this.brokerServiceUrl);
-                
conf.setTlsAllowInsecureConnection(this.getConfiguration().isTlsAllowInsecureConnection());
-                
conf.setTlsTrustCertsFilePath(this.getConfiguration().getTlsCertificateFilePath());
+                boolean tlsEnabled = 
this.getConfiguration().isBrokerClientTlsEnabled();
+                conf.setServiceUrl(tlsEnabled ? this.brokerServiceUrlTls : 
this.brokerServiceUrl);
 
-                if (this.getConfiguration().isBrokerClientTlsEnabled()) {
+                if (tlsEnabled) {
+                    
conf.setTlsCiphers(this.getConfiguration().getBrokerClientTlsCiphers());
+                    
conf.setTlsProtocols(this.getConfiguration().getBrokerClientTlsProtocols());
+                    
conf.setTlsAllowInsecureConnection(this.getConfiguration().isTlsAllowInsecureConnection());
                     if 
(this.getConfiguration().isBrokerClientTlsEnabledWithKeyStore()) {
                         conf.setUseKeyStoreTls(true);
                         
conf.setTlsTrustStoreType(this.getConfiguration().getBrokerClientTlsTrustStoreType());

Reply via email to