haneel-kumar commented on issue #790: URL: https://github.com/apache/arrow-java/issues/790#issuecomment-2999321598
I see the main reason why the client is still able to communicate with the server even without a secure (TLS/mTLS) connection is because the critical part of the logic resides in the **createFlightClient()** method: <img width="872" alt="Image" src="https://github.com/user-attachments/assets/8bff97a9-4521-4c1b-afb8-455b19b2f156"; /> So when `config.getArrowFlightServerSslEnabled()` is **false**, the code creates an **insecure (unencrypted) gRPC** connection using `Location.forGrpcInsecure(...)`. As a result, any TLS certificate settings later in the code are ignored as shown in the above comment, since TLS can't be applied to an insecure channel. <img width="1030" alt="Image" src="https://github.com/user-attachments/assets/fc7403cb-aa60-487f-8be7-b4f9f01d639f"; /> Even though the above logic is implemented, the initial choice of `Location.forGrpcInsecure` takes **precedence** and **overrides** any subsequent certificate configurations. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
