merlimat commented on a change in pull request #1208: Add hostname-verification at client tls connection URL: https://github.com/apache/incubator-pulsar/pull/1208#discussion_r167302047
########## File path: pulsar-client/src/main/java/org/apache/pulsar/client/api/ClientConfiguration.java ########## @@ -356,4 +357,21 @@ public void setMaxNumberOfRejectedRequestPerConnection(int maxNumberOfRejectedRe this.maxNumberOfRejectedRequestPerConnection = maxNumberOfRejectedRequestPerConnection; } + public boolean isTlsHostnameVerificationEnable() { + return tlsHostnameVerificationEnable; + } + + /** + * It allows to validate hostname verification when client connects to broker over tls. It validates incoming x509 + * certificate and matches provided hostname(CN/SAN) with expected broker's host name. It follows RFC 2818, 3.1. Server + * Identity hostname verification. + * + * @see <a href="https://tools.ietf.org/html/rfc2818">rfc2818</a> + * + * @param tlsHostnameVerificationEnable + */ + public void setTlsHostnameVerificationEnable(boolean tlsHostnameVerificationEnable) { Review comment: Sure, we should just make sure the same check are done in http vs protobuf for the same config ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services