[ https://issues.apache.org/jira/browse/ARROW-10105?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17207796#comment-17207796 ]
James Duong commented on ARROW-10105: ------------------------------------- Thanks [~lidavidm], that seems to have helped with the failures in existing tests. For the CentOS 5.11 build I will look into explicitly removing the gRPC included with the OS. The newly-added tests for Python and C++ are failing. The TlsCredentials interface seems to require passing in a root PEM, whereas SslCredentials has will use a default if it's not supplied. It either uses a file based on an environment variable, or uses a CA cert supplied by gRPC's installation process. I don't see a way to access the latter though. It's in a non-exposed class: https://github.com/grpc/grpc/blob/ff8ceb700e8a53ed4087edc006830da372b1199a/src/core/lib/security/security_connector/ssl_utils.cc#L525 I'll continue digging to see if there's a way to get to this path, but we may need to supply our own CA certs file. The content of the root certificate really shouldn't actually matter since this feature is to disable server verification. It would matter if we change TLS in general to use TlsCredentials. > [FlightRPC] Add client option to disable certificate validation with TLS > ------------------------------------------------------------------------ > > Key: ARROW-10105 > URL: https://issues.apache.org/jira/browse/ARROW-10105 > Project: Apache Arrow > Issue Type: New Feature > Components: C++, FlightRPC, Java, Python > Reporter: James Duong > Assignee: James Duong > Priority: Major > Labels: pull-request-available > Fix For: 2.0.0 > > Time Spent: 1h 10m > Remaining Estimate: 0h > > Users of Flight may want to disable certificate validation if they want to > only use encryption. A use case might be that the Flight server uses a > self-signed certificate and doesn't distribute a certificate for clients to > use. > This feature would be to add an explicit option to FlightClient.Builder to > disable certificate validation. Note that this should not happen implicitly > if a client uses a TLS location, but does not set a certificate. The client > should explicitly set this option so that they are fully aware that they are > making a connection with reduced security. -- This message was sent by Atlassian Jira (v8.3.4#803005)