[ https://issues.apache.org/jira/browse/ARROW-10105?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17207721#comment-17207721 ]
James Duong commented on ARROW-10105:
-------------------------------------

Another problem I'm seeing is that this is appearing in existing C++ TLS tests after updating gRPC to 1.29 (this is with no other code changes), though the tests still succeed:

https://github.com/apache/arrow/pull/8325/checks?check_run_id=1205585340#step:8:3529

E1004 14:59:52.344787303 12247 ssl_security_connector.cc:263] Handshaker factory creation failed with TSI_INVALID_ARGUMENT.
E1004 14:59:52.344849303 12247 server_secure_chttp2.cc:81] {"created":"@1601823592.344842403","description":"Unable to create secure server with credentials of type Ssl","file":"../src/core/ext/transport/chttp2/server/secure/server_secure_chttp2.cc","file_line":63}

I don't think this was showing up before.

Existing Python TLS tests do fail though:

https://github.com/apache/arrow/pull/8325/checks?check_run_id=1205585202#step:8:4378

E1004 14:40:34.743438426 7680 ssl_transport_security.cc:1439] Handshake failed with fatal error SSL_ERROR_SSL: error:1408F10B:SSL routines:ssl3_get_record:wrong version number.

I believe the test certificates are using SSL v3, which may be deprecated. I'm not sure if these two issues are related (e.g., the server fails to properly start in C++ due to now SSL v3 deprecation).

> [FlightRPC] Add client option to disable certificate validation with TLS
> ------------------------------------------------------------------------
>
>                 Key: ARROW-10105
>                 URL: https://issues.apache.org/jira/browse/ARROW-10105
>             Project: Apache Arrow
>          Issue Type: New Feature
>          Components: C++, FlightRPC, Java, Python
>            Reporter: James Duong
>            Assignee: James Duong
>            Priority: Major
>              Labels: pull-request-available
>             Fix For: 2.0.0
>
>          Time Spent: 1h
>  Remaining Estimate: 0h
>
> Users of Flight may want to disable certificate validation if they want to
> only use encryption. A use case might be that the Flight server uses a
> self-signed certificate and doesn't distribute a certificate for clients to
> use.
> This feature would be to add an explicit option to FlightClient.Builder to
> disable certificate validation. Note that this should not happen implicitly
> if a client uses a TLS location, but does not set a certificate. The client
> should explicitly set this option so that they are fully aware that they are
> making a connection with reduced security.

--
This message was sent by Atlassian Jira
(v8.3.4#803005)