Posted to commits@pulsar.apache.org by te...@apache.org on 2023/11/29 01:25:56 UTC
(pulsar) branch master updated: [improve][sec] Align the default mechanism for server to request certificates (#21625)
This is an automated email from the ASF dual-hosted git repository.
technoboy pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/pulsar.git
The following commit(s) were added to refs/heads/master by this push:
new e820f90c925 [improve][sec] Align the default mechanism for server to request certificates (#21625)
e820f90c925 is described below
commit e820f90c925efdcab781771e485c5370a0f2fd4f
Author: Qiang Zhao <ma...@apache.org>
AuthorDate: Wed Nov 29 09:25:49 2023 +0800
[improve][sec] Align the default mechanism for server to request certificates (#21625)
---
.../java/org/apache/pulsar/security/tls/MockedPulsarStandalone.java | 1 -
.../apache/pulsar/common/util/keystoretls/KeyStoreSSLContext.java | 6 +++++-
2 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/pulsar-broker/src/test/java/org/apache/pulsar/security/tls/MockedPulsarStandalone.java b/pulsar-broker/src/test/java/org/apache/pulsar/security/tls/MockedPulsarStandalone.java
index 91c2f784cd7..1a7e806f0e6 100644
--- a/pulsar-broker/src/test/java/org/apache/pulsar/security/tls/MockedPulsarStandalone.java
+++ b/pulsar-broker/src/test/java/org/apache/pulsar/security/tls/MockedPulsarStandalone.java
@@ -87,7 +87,6 @@ public abstract class MockedPulsarStandalone implements AutoCloseable {
serviceConfiguration.setTlsKeyStorePassword(TLS_EC_KS_SERVER_PASS);
serviceConfiguration.setTlsTrustStore(TLS_EC_KS_TRUSTED_STORE);
serviceConfiguration.setTlsTrustStorePassword(TLS_EC_KS_TRUSTED_STORE_PASS);
- serviceConfiguration.setTlsRequireTrustedClientCertOnConnect(true);
serviceConfiguration.setBrokerClientTlsEnabled(true);
serviceConfiguration.setBrokerClientTlsEnabledWithKeyStore(true);
serviceConfiguration.setBrokerClientTlsKeyStore(TLS_EC_KS_BROKER_CLIENT_STORE);
diff --git a/pulsar-common/src/main/java/org/apache/pulsar/common/util/keystoretls/KeyStoreSSLContext.java b/pulsar-common/src/main/java/org/apache/pulsar/common/util/keystoretls/KeyStoreSSLContext.java
index c717127d085..a70857bdf3b 100644
--- a/pulsar-common/src/main/java/org/apache/pulsar/common/util/keystoretls/KeyStoreSSLContext.java
+++ b/pulsar-common/src/main/java/org/apache/pulsar/common/util/keystoretls/KeyStoreSSLContext.java
@@ -201,7 +201,11 @@ public class KeyStoreSSLContext {
}
if (this.mode == Mode.SERVER) {
- sslEngine.setNeedClientAuth(this.needClientAuth);
+ if (needClientAuth) {
+ sslEngine.setNeedClientAuth(true);
+ } else {
+ sslEngine.setWantClientAuth(true);
+ }
sslEngine.setUseClientMode(false);
} else {
sslEngine.setUseClientMode(true);
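Review bot: The new `else` branch calling `sslEngine.setWantClientAuth(true)` carries no comment, although it changes a security-relevant default: the server now always requests a client certificate, even when `needClientAuth` is false. In that mode the handshake still completes when the client sends no certificate, so any code that authenticates or authorizes on the peer certificate must treat a missing certificate as unauthenticated and not infer identity from a successful handshake; whether callers already do this is not visible from this hunk. A certificate that the client does present is presumably still validated by the configured trust manager, so clients that connected before with an untrusted certificate configured may now fail the handshake, which is worth a line in the release notes. I would add `// Request but do not require a client certificate; callers must treat an absent peer certificate as unauthenticated.` above the call, and write the condition as `if (this.needClientAuth) {` to match `this.mode` on the line before. The enclosing method starts and ends outside the hunk.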