Yes, I thought it was not an acceptable change and thanks for confirming it.

We do want to enable host validation when the user configures the default
context.

So hostname validation will be enabled if `ssl-use-default-sslcontext=true`;
otherwise, if the user provides a keystore and truststore, hostname validation
is disabled.

On Thu, Aug 30, 2018 at 3:14 PM Anthony Baker <aba...@pivotal.io> wrote:

> How would a rolling upgrade work if my certificates don’t pass hostname
> verification?
>
> Would it be:
> 1) Regenerate new certificates with correct SAN / CN information
> 2) Deploy the new certificates
> 3) Do a rolling restart
> 4) Do a rolling upgrade to geode 1.7
>
> *I think* that w/o steps 1-3 my application would break.  What if we
> deferred enabling hostname verification by default until the next major
> version?
>
> Anthony
>
>
> > On Aug 30, 2018, at 3:02 PM, Sai Boorlagadda <sai.boorlaga...@gmail.com> wrote:
> >
> > okay! If users choose to disable hostname validation, then the warning in
> > the log says in future releases the ability to disable will be removed.
> >
> > On Thu, Aug 30, 2018 at 2:59 PM Anthony Baker <aba...@pivotal.io> wrote:
> >
> >>>
> >>> Also added a log to warn users if they disable hostname validation that it
> >>> will be mandatory to do validation.
> >>
> >> What does this mean?
> >>
> >> Anthony
> >>
> >>
>
>
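
The rule stated in the top message of this thread, expressed with the standard JSSE API, as an added example that is not part of the original thread and is not Geode's own code. Only the property name `ssl-use-default-sslcontext` comes from the thread; the class, method names, peer host, port and warning text are hypothetical, and the default context is used in both cases only so the demo runs without a keystore.

```java
import java.security.NoSuchAlgorithmException;
import java.util.Properties;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;

public class HostnameValidationPolicy {
    // Property name taken from the thread; everything else is hypothetical.
    static final String USE_DEFAULT_CONTEXT = "ssl-use-default-sslcontext";

    /** Rule from the thread: hostname validation is on only with the default context. */
    static boolean hostnameValidationEnabled(Properties props) {
        return Boolean.parseBoolean(props.getProperty(USE_DEFAULT_CONTEXT, "false"));
    }

    /** Builds a client-side engine whose SSLParameters reflect that rule. */
    static SSLEngine clientEngine(SSLContext ctx, Properties props, String peerHost, int peerPort) {
        // Passing the peer host is required: JSSE compares the certificate against it.
        SSLEngine engine = ctx.createSSLEngine(peerHost, peerPort);
        engine.setUseClientMode(true);
        SSLParameters params = engine.getSSLParameters();
        if (hostnameValidationEnabled(props)) {
            // "HTTPS" makes the handshake fail unless the peer certificate's
            // SAN (or CN as a fallback) matches peerHost.
            params.setEndpointIdentificationAlgorithm("HTTPS");
        } else {
            // Constructed wording, modelled on the warning described in the thread.
            System.err.println("WARN: hostname validation is disabled; "
                + "the ability to disable it will be removed in a future release");
        }
        engine.setSSLParameters(params);
        return engine;
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        SSLContext ctx = SSLContext.getDefault();
        for (String flag : new String[] {"true", "false"}) {
            Properties props = new Properties();
            props.setProperty(USE_DEFAULT_CONTEXT, flag);
            // Constructed peer address, used only to label the engine.
            SSLEngine engine = clientEngine(ctx, props, "member1.example.internal", 40404);
            System.out.println(USE_DEFAULT_CONTEXT + "=" + flag + " -> endpoint identification: "
                + engine.getSSLParameters().getEndpointIdentificationAlgorithm());
        }
    }
}
```

With endpoint identification set, certificates that lack matching SAN / CN entries are rejected at handshake time, which is why the quoted steps 1-3 would have to precede the upgrade.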
