merlimat commented on a change in pull request #1208: Add hostname-verification
at client tls connection
URL: https://github.com/apache/incubator-pulsar/pull/1208#discussion_r167302047
##########
File path:
pulsar-client/src/main/java/org/apache/pulsar/client/api/ClientConfiguration.java
##########
@@ -356,4 +357,21 @@ public void
setMaxNumberOfRejectedRequestPerConnection(int maxNumberOfRejectedRe
this.maxNumberOfRejectedRequestPerConnection =
maxNumberOfRejectedRequestPerConnection;
}
+ public boolean isTlsHostnameVerificationEnable() {
+ return tlsHostnameVerificationEnable;
+ }
+
+ /**
+ * It allows to validate hostname verification when client connects to
broker over tls. It validates incoming x509
+ * certificate and matches provided hostname(CN/SAN) with expected
broker's host name. It follows RFC 2818, 3.1. Server
+ * Identity hostname verification.
+ *
+ * @see <a href="https://tools.ietf.org/html/rfc2818";>rfc2818</a>
+ *
+ * @param tlsHostnameVerificationEnable
+ */
+ public void setTlsHostnameVerificationEnable(boolean
tlsHostnameVerificationEnable) {
Review comment:
Sure, we should just make sure the same check are done in http vs protobuf
for the same config
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
With regards,
Apache Git Services
