Posted to commits@pulsar.apache.org by GitBox <gi...@apache.org> on 2020/05/27 03:25:00 UTC

[GitHub] [pulsar-client-go] zzzming commented on a change in pull request #238: Implement TLS VerifyPeerCertificate callback to skip hostname verification

zzzming commented on a change in pull request #238:
URL: https://github.com/apache/pulsar-client-go/pull/238#discussion_r430440967



##########
File path: pulsar/internal/connection.go
##########
@@ -713,6 +713,41 @@ func (c *connection) getTLSConfig() (*tls.Config, error) {
 
 	if c.tlsOptions.ValidateHostname {
 		tlsConfig.ServerName = c.physicalAddr.Hostname()
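
Review bot: in the context lines here, `tlsConfig.ServerName` is assigned only inside `if c.tlsOptions.ValidateHostname {`, so as far as these lines show a connection with that option off carries no server name; in Go's crypto/tls that field is also what the client sends as SNI. Suggest assigning `tlsConfig.ServerName = c.physicalAddr.Hostname()` unconditionally and letting `ValidateHostname` decide only whether the name is enforced, with a doc comment on the option stating what a false value disables.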

Review comment:
   @EronWright you are right that ServerName should be set, as suggested by https://github.com/golang/go/blob/62a3f2e27c7732656bb3ae8f14047b74a9956e77/src/crypto/tls/common.go#L542
   I think the problem is that the default value of TLSValidateHostname is `false`. It should have been called `DisabledTLSValidateHostname`. Do you have any suggestions on how to handle backward compatibility of TLSValidateHostname?
   I made an update to add ServerName but only skip verification if InsecureSkipVerify is true.




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org