[incubator-pulsar] branch branch-2.1 updated: C++ should default not allow insecure connections with TLS (#2229)

sijie Mon, 27 Aug 2018 01:56:46 -0700

This is an automated email from the ASF dual-hosted git repository.

sijie pushed a commit to branch branch-2.1
in repository https://gitbox.apache.org/repos/asf/incubator-pulsar.git



The following commit(s) were added to refs/heads/branch-2.1 by this push:
     new 227e1df  C++ should default not allow insecure connections with TLS 
(#2229)
227e1df is described below

commit 227e1dfd9dc3b62cdb13780064ff1751f9c34542
Author: Ivan Kelly <iv...@apache.org>
AuthorDate: Wed Jul 25 20:40:34 2018 +0100

    C++ should default not allow insecure connections with TLS (#2229)
    
    If tlsAllowInsecureConnection is true, then the client doesn't
    validate the server's TLS cert, allowing for MITM attacks. This
    shouldn't be the default option.
---
 pulsar-client-cpp/lib/ClientConfigurationImpl.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pulsar-client-cpp/lib/ClientConfigurationImpl.h 
b/pulsar-client-cpp/lib/ClientConfigurationImpl.h
index 7160a65..cb23a14 100644
--- a/pulsar-client-cpp/lib/ClientConfigurationImpl.h
+++ b/pulsar-client-cpp/lib/ClientConfigurationImpl.h
@@ -44,7 +44,7 @@ struct ClientConfigurationImpl {
           concurrentLookupRequest(50000),
           logConfFilePath(),
           useTls(false),
-          tlsAllowInsecureConnection(true),
+          tlsAllowInsecureConnection(false),
           statsIntervalInSeconds(600),  // 10 minutes
           loggerFactory() {}
 };

[incubator-pulsar] branch branch-2.1 updated: C++ should default not allow insecure connections with TLS (#2229)

Reply via email to