zzzming commented on a change in pull request #238: URL: https://github.com/apache/pulsar-client-go/pull/238#discussion_r430440967
########## File path: pulsar/internal/connection.go ########## @@ -713,6 +713,41 @@ func (c *connection) getTLSConfig() (*tls.Config, error) { if c.tlsOptions.ValidateHostname { tlsConfig.ServerName = c.physicalAddr.Hostname() Review comment: @EronWright you are right that ServerName should be set as suggested by https://github.com/golang/go/blob/62a3f2e27c7732656bb3ae8f14047b74a9956e77/src/crypto/tls/common.go#L542 I think the problem is the default value of TLSValidateHostname is `false`. It should have been called `DisabledTLSValidateHostname`. Do you have any suggestion how to handle backward compatibility of TLSValidateHostname? I made an update to add ServerName but only skip verification if InsecureSkipVerify is true. ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org