Andor Molnar created ZOOKEEPER-4986:
---------------------------------------
Summary: Disable reverse DNS lookup in TLS client and server
Key: ZOOKEEPER-4986
URL: https://issues.apache.org/jira/browse/ZOOKEEPER-4986
Project: ZooKeeper
Issue Type: Bug
Components: security, server
Affects Versions: 3.9.4, 3.10.0
Reporter: Andor Molnar
Assignee: Andor Molnar
Port the property behavior from [Apache
HBase|https://github.com/apache/hbase/commit/5baeacb7d65f8ec3386690cadbf5e091e20b7b23#diff-b8e69e4d42340619ee4cd63d9e45d7224727f78c05da70ff9ce080c1d33e36d6R157]
which controls whether reverse DNS lookup is allowed in TLS handshake if the
hostname is not available (e.g. connect via IP address, client hostname
verification, etc.)
Disable reverse DNS lookups by default for both quorum and client protocols to
be consistent. This should be safe from a backward compatibility perspective in a
new major (minor?) version if we cut 4.0.0 from master soon. In a
{{branch-3.9}} backport we should enable reverse lookup in the quorum protocol
by default to support a smooth transition.
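The behaviour the ticket describes, as an added Java sketch that is not ZooKeeper or HBase code: when the peer is known only by IP address, a flag decides whether a PTR-derived name may be used for hostname verification at all. The class, method and flag names are hypothetical; the sample addresses are constructed.

```java
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.UnknownHostException;
import java.util.Optional;

// Added illustration; all names here are hypothetical, not ZooKeeper's API.
public class PeerNameForVerification {

    /**
     * Returns the hostname to match against the certificate's DNS SANs,
     * or empty when only the IP address itself should be matched (IP SAN).
     */
    static Optional<String> hostnameToVerify(InetSocketAddress peer,
                                             boolean allowReverseDnsLookup) {
        // getHostString() never triggers a reverse lookup: it returns the
        // name the address was created with, or the IP literal.
        String given = peer.getHostString();
        InetAddress addr = peer.getAddress(); // null for unresolved addresses
        boolean knownOnlyByIp = addr != null && given.equals(addr.getHostAddress());
        if (!knownOnlyByIp) {
            return Optional.of(given); // caller supplied a hostname
        }
        if (!allowReverseDnsLookup) {
            return Optional.empty();   // do not consult DNS for a name
        }
        // Reverse (PTR) lookup; the answer comes from DNS, not from the
        // TLS handshake. On failure the textual IP is returned.
        String resolved = addr.getCanonicalHostName();
        return resolved.equals(addr.getHostAddress())
                ? Optional.empty() : Optional.of(resolved);
    }

    public static void main(String[] args) throws UnknownHostException {
        byte[] ip = {(byte) 192, 0, 2, 10}; // constructed, RFC 5737 range
        InetSocketAddress byIp =
                new InetSocketAddress(InetAddress.getByAddress(ip), 2181);
        // getByAddress(host, ip) attaches a name without any DNS query.
        InetSocketAddress byName = new InetSocketAddress(
                InetAddress.getByAddress("zk1.example.com", ip), 2181);

        // Lookup disabled: IP-only peer yields no hostname to verify.
        System.out.println(hostnameToVerify(byIp, false));   // Optional.empty
        // A supplied hostname is used as-is, regardless of the flag.
        System.out.println(hostnameToVerify(byName, false)); // Optional[zk1.example.com]
        // hostnameToVerify(byIp, true) would depend on the resolver's PTR answer.
    }
}
```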