Posted to commits@pulsar.apache.org by te...@apache.org on 2023/11/29 01:25:56 UTC

(pulsar) branch master updated: [improve][sec] Align the default mechanism for server to request certificates (#21625)

This is an automated email from the ASF dual-hosted git repository.

technoboy pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/pulsar.git


The following commit(s) were added to refs/heads/master by this push:
     new e820f90c925 [improve][sec] Align the default mechanism for server to request certificates (#21625)
e820f90c925 is described below

commit e820f90c925efdcab781771e485c5370a0f2fd4f
Author: Qiang Zhao <ma...@apache.org>
AuthorDate: Wed Nov 29 09:25:49 2023 +0800

    [improve][sec] Align the default mechanism for server to request certificates (#21625)
---
 .../java/org/apache/pulsar/security/tls/MockedPulsarStandalone.java | 1 -
 .../apache/pulsar/common/util/keystoretls/KeyStoreSSLContext.java   | 6 +++++-
 2 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/pulsar-broker/src/test/java/org/apache/pulsar/security/tls/MockedPulsarStandalone.java b/pulsar-broker/src/test/java/org/apache/pulsar/security/tls/MockedPulsarStandalone.java
index 91c2f784cd7..1a7e806f0e6 100644
--- a/pulsar-broker/src/test/java/org/apache/pulsar/security/tls/MockedPulsarStandalone.java
+++ b/pulsar-broker/src/test/java/org/apache/pulsar/security/tls/MockedPulsarStandalone.java
@@ -87,7 +87,6 @@ public abstract class MockedPulsarStandalone implements AutoCloseable {
         serviceConfiguration.setTlsKeyStorePassword(TLS_EC_KS_SERVER_PASS);
         serviceConfiguration.setTlsTrustStore(TLS_EC_KS_TRUSTED_STORE);
         serviceConfiguration.setTlsTrustStorePassword(TLS_EC_KS_TRUSTED_STORE_PASS);
-        serviceConfiguration.setTlsRequireTrustedClientCertOnConnect(true);
         serviceConfiguration.setBrokerClientTlsEnabled(true);
         serviceConfiguration.setBrokerClientTlsEnabledWithKeyStore(true);
         serviceConfiguration.setBrokerClientTlsKeyStore(TLS_EC_KS_BROKER_CLIENT_STORE);
diff --git a/pulsar-common/src/main/java/org/apache/pulsar/common/util/keystoretls/KeyStoreSSLContext.java b/pulsar-common/src/main/java/org/apache/pulsar/common/util/keystoretls/KeyStoreSSLContext.java
index c717127d085..a70857bdf3b 100644
--- a/pulsar-common/src/main/java/org/apache/pulsar/common/util/keystoretls/KeyStoreSSLContext.java
+++ b/pulsar-common/src/main/java/org/apache/pulsar/common/util/keystoretls/KeyStoreSSLContext.java
@@ -201,7 +201,11 @@ public class KeyStoreSSLContext {
         }
 
         if (this.mode == Mode.SERVER) {
-            sslEngine.setNeedClientAuth(this.needClientAuth);
+            if (needClientAuth) {
+                sslEngine.setNeedClientAuth(true);
+            } else {
+                sslEngine.setWantClientAuth(true);
+            }
             sslEngine.setUseClientMode(false);
         } else {
             sslEngine.setUseClientMode(true);
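Review bot: The new `else` branch calls `sslEngine.setWantClientAuth(true)` with no comment saying that a server with `needClientAuth` false now still requests a client certificate and only stops requiring one. With "want", the handshake also completes when the client sends no certificate, so the TLS layer no longer guarantees an identified peer. Any code that reads the session's peer certificates for authentication (not visible in this hunk) has to treat a missing certificate as unauthenticated. A certificate that is presented is presumably still checked against the configured trust store, so clients that used to connect while offering an untrusted certificate may now fail the handshake, which is worth a line in the release notes. I would add above the branch `// Request a client certificate but do not require one; cert-based authentication must reject sessions that carry none.` The enclosing method starts and ends outside the hunk.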