You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@pulsar.apache.org by ur...@apache.org on 2022/03/03 12:02:30 UTC
[pulsar-site] branch main updated: Docs sync done from apache/pulsar(#d01867e)
This is an automated email from the ASF dual-hosted git repository.
urfree pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/pulsar-site.git
The following commit(s) were added to refs/heads/main by this push:
new ce94971 Docs sync done from apache/pulsar(#d01867e)
ce94971 is described below
commit ce949712bfd1b882f3af4130e18e4da17217453a
Author: Pulsar Site Updater <de...@pulsar.apache.org>
AuthorDate: Thu Mar 3 12:02:05 2022 +0000
Docs sync done from apache/pulsar(#d01867e)
---
site2/docs/security-tls-transport.md | 10 +++++++---
.../versioned_docs/version-2.7.0/security-tls-transport.md | 10 +++++++---
.../versioned_docs/version-2.7.1/security-tls-transport.md | 10 +++++++---
.../versioned_docs/version-2.7.2/security-tls-transport.md | 10 +++++++---
.../versioned_docs/version-2.7.3/security-tls-transport.md | 10 +++++++---
.../versioned_docs/version-2.7.4/security-tls-transport.md | 10 +++++++---
.../versioned_docs/version-2.8.0/security-tls-transport.md | 10 +++++++---
.../versioned_docs/version-2.8.1/security-tls-transport.md | 10 +++++++---
.../versioned_docs/version-2.8.2/security-tls-transport.md | 10 +++++++---
.../versioned_docs/version-2.9.0/security-tls-transport.md | 10 +++++++---
.../versioned_docs/version-2.9.1/security-tls-transport.md | 10 +++++++---
11 files changed, 77 insertions(+), 33 deletions(-)
diff --git a/site2/docs/security-tls-transport.md b/site2/docs/security-tls-transport.md
index e6ade2f..3fb9ca0 100644
--- a/site2/docs/security-tls-transport.md
+++ b/site2/docs/security-tls-transport.md
@@ -178,7 +178,7 @@ Moreover, as the administrator has full control of the certificate authority, a
One scenario where you may want to enable hostname verification is where you have multiple proxy nodes behind a VIP, and the VIP has a DNS record, for example, pulsar.mycompany.com. In this case, you can generate a TLS cert with pulsar.mycompany.com as the "CommonName," and then enable hostname verification on the client.
-The examples below show hostname verification being disabled for the Java client, though you can omit this as the client disables the hostname verification by default. C++/python/Node.js clients do now allow configuring this at the moment.
+The examples below show that hostname verification is disabled for the CLI tools/Java/Python/C++/Node.js/C# clients by default.
### CLI tools
@@ -215,7 +215,7 @@ PulsarClient client = PulsarClient.builder()
from pulsar import Client
client = Client("pulsar+ssl://broker.example.com:6651/",
- tls_hostname_verification=True,
+ tls_hostname_verification=False,
tls_trust_certs_file_path="/path/to/ca.cert.pem",
tls_allow_insecure_connection=False) // defaults to false from v2.2.0 onwards
```
@@ -230,7 +230,7 @@ config.setUseTls(true); // shouldn't be needed soon
config.setTlsTrustCertsFilePath(caPath);
config.setTlsAllowInsecureConnection(false);
config.setAuth(pulsar::AuthTls::create(clientPublicKeyPath, clientPrivateKeyPath));
-config.setValidateHostName(true);
+config.setValidateHostName(false);
```
#### Node.js client
@@ -242,6 +242,9 @@ const Pulsar = require('pulsar-client');
const client = new Pulsar.Client({
serviceUrl: 'pulsar+ssl://broker.example.com:6651/',
tlsTrustCertsFilePath: '/path/to/ca.cert.pem',
+ useTls: true,
+ tlsValidateHostname: false,
+ tlsAllowInsecureConnection: false,
});
})();
```
@@ -256,3 +259,4 @@ var client = PulsarClient.Builder()
.VerifyCertificateName(false) //Default is 'false'
.Build();
```
+> Note that `VerifyCertificateName` refers to the configuration of hostname verification in the C# client.
\ No newline at end of file
diff --git a/site2/website/versioned_docs/version-2.7.0/security-tls-transport.md b/site2/website/versioned_docs/version-2.7.0/security-tls-transport.md
index e0f8ddc..f8b98cb 100644
--- a/site2/website/versioned_docs/version-2.7.0/security-tls-transport.md
+++ b/site2/website/versioned_docs/version-2.7.0/security-tls-transport.md
@@ -177,7 +177,7 @@ Moreover, as the administrator has full control of the certificate authority, a
One scenario where you may want to enable hostname verification is where you have multiple proxy nodes behind a VIP, and the VIP has a DNS record, for example, pulsar.mycompany.com. In this case, you can generate a TLS cert with pulsar.mycompany.com as the "CommonName," and then enable hostname verification on the client.
-The examples below show hostname verification being disabled for the Java client, though you can omit this as the client disables the hostname verification by default. C++/python/Node.js clients do now allow configuring this at the moment.
+The examples below show that hostname verification is disabled for the CLI tools/Java/Python/C++/Node.js/C# clients by default.
### CLI tools
@@ -214,7 +214,7 @@ PulsarClient client = PulsarClient.builder()
from pulsar import Client
client = Client("pulsar+ssl://broker.example.com:6651/",
- tls_hostname_verification=True,
+ tls_hostname_verification=False,
tls_trust_certs_file_path="/path/to/ca.cert.pem",
tls_allow_insecure_connection=False) // defaults to false from v2.2.0 onwards
```
@@ -229,7 +229,7 @@ config.setUseTls(true); // shouldn't be needed soon
config.setTlsTrustCertsFilePath(caPath);
config.setTlsAllowInsecureConnection(false);
config.setAuth(pulsar::AuthTls::create(clientPublicKeyPath, clientPrivateKeyPath));
-config.setValidateHostName(true);
+config.setValidateHostName(false);
```
#### Node.js client
@@ -241,6 +241,9 @@ const Pulsar = require('pulsar-client');
const client = new Pulsar.Client({
serviceUrl: 'pulsar+ssl://broker.example.com:6651/',
tlsTrustCertsFilePath: '/path/to/ca.cert.pem',
+ useTls: true,
+ tlsValidateHostname: false,
+ tlsAllowInsecureConnection: false,
});
})();
```
@@ -255,3 +258,4 @@ var client = PulsarClient.Builder()
.VerifyCertificateName(false) //Default is 'false'
.Build();
```
+> Note that `VerifyCertificateName` refers to the configuration of hostname verification in the C# client.
\ No newline at end of file
diff --git a/site2/website/versioned_docs/version-2.7.1/security-tls-transport.md b/site2/website/versioned_docs/version-2.7.1/security-tls-transport.md
index b0a5b53..d59e57b 100644
--- a/site2/website/versioned_docs/version-2.7.1/security-tls-transport.md
+++ b/site2/website/versioned_docs/version-2.7.1/security-tls-transport.md
@@ -177,7 +177,7 @@ Moreover, as the administrator has full control of the certificate authority, a
One scenario where you may want to enable hostname verification is where you have multiple proxy nodes behind a VIP, and the VIP has a DNS record, for example, pulsar.mycompany.com. In this case, you can generate a TLS cert with pulsar.mycompany.com as the "CommonName," and then enable hostname verification on the client.
-The examples below show hostname verification being disabled for the Java client, though you can omit this as the client disables the hostname verification by default. C++/python/Node.js clients do now allow configuring this at the moment.
+The examples below show that hostname verification is disabled for the CLI tools/Java/Python/C++/Node.js/C# clients by default.
### CLI tools
@@ -214,7 +214,7 @@ PulsarClient client = PulsarClient.builder()
from pulsar import Client
client = Client("pulsar+ssl://broker.example.com:6651/",
- tls_hostname_verification=True,
+ tls_hostname_verification=False,
tls_trust_certs_file_path="/path/to/ca.cert.pem",
tls_allow_insecure_connection=False) // defaults to false from v2.2.0 onwards
```
@@ -229,7 +229,7 @@ config.setUseTls(true); // shouldn't be needed soon
config.setTlsTrustCertsFilePath(caPath);
config.setTlsAllowInsecureConnection(false);
config.setAuth(pulsar::AuthTls::create(clientPublicKeyPath, clientPrivateKeyPath));
-config.setValidateHostName(true);
+config.setValidateHostName(false);
```
#### Node.js client
@@ -241,6 +241,9 @@ const Pulsar = require('pulsar-client');
const client = new Pulsar.Client({
serviceUrl: 'pulsar+ssl://broker.example.com:6651/',
tlsTrustCertsFilePath: '/path/to/ca.cert.pem',
+ useTls: true,
+ tlsValidateHostname: false,
+ tlsAllowInsecureConnection: false,
});
})();
```
@@ -255,3 +258,4 @@ var client = PulsarClient.Builder()
.VerifyCertificateName(false) //Default is 'false'
.Build();
```
+> Note that `VerifyCertificateName` refers to the configuration of hostname verification in the C# client.
\ No newline at end of file
diff --git a/site2/website/versioned_docs/version-2.7.2/security-tls-transport.md b/site2/website/versioned_docs/version-2.7.2/security-tls-transport.md
index 965a814..dd8055a 100644
--- a/site2/website/versioned_docs/version-2.7.2/security-tls-transport.md
+++ b/site2/website/versioned_docs/version-2.7.2/security-tls-transport.md
@@ -177,7 +177,7 @@ Moreover, as the administrator has full control of the certificate authority, a
One scenario where you may want to enable hostname verification is where you have multiple proxy nodes behind a VIP, and the VIP has a DNS record, for example, pulsar.mycompany.com. In this case, you can generate a TLS cert with pulsar.mycompany.com as the "CommonName," and then enable hostname verification on the client.
-The examples below show hostname verification being disabled for the Java client, though you can omit this as the client disables the hostname verification by default. C++/python/Node.js clients do now allow configuring this at the moment.
+The examples below show that hostname verification is disabled for the CLI tools/Java/Python/C++/Node.js/C# clients by default.
### CLI tools
@@ -214,7 +214,7 @@ PulsarClient client = PulsarClient.builder()
from pulsar import Client
client = Client("pulsar+ssl://broker.example.com:6651/",
- tls_hostname_verification=True,
+ tls_hostname_verification=False,
tls_trust_certs_file_path="/path/to/ca.cert.pem",
tls_allow_insecure_connection=False) // defaults to false from v2.2.0 onwards
```
@@ -229,7 +229,7 @@ config.setUseTls(true); // shouldn't be needed soon
config.setTlsTrustCertsFilePath(caPath);
config.setTlsAllowInsecureConnection(false);
config.setAuth(pulsar::AuthTls::create(clientPublicKeyPath, clientPrivateKeyPath));
-config.setValidateHostName(true);
+config.setValidateHostName(false);
```
#### Node.js client
@@ -241,6 +241,9 @@ const Pulsar = require('pulsar-client');
const client = new Pulsar.Client({
serviceUrl: 'pulsar+ssl://broker.example.com:6651/',
tlsTrustCertsFilePath: '/path/to/ca.cert.pem',
+ useTls: true,
+ tlsValidateHostname: false,
+ tlsAllowInsecureConnection: false,
});
})();
```
@@ -255,3 +258,4 @@ var client = PulsarClient.Builder()
.VerifyCertificateName(false) //Default is 'false'
.Build();
```
+> Note that `VerifyCertificateName` refers to the configuration of hostname verification in the C# client.
\ No newline at end of file
diff --git a/site2/website/versioned_docs/version-2.7.3/security-tls-transport.md b/site2/website/versioned_docs/version-2.7.3/security-tls-transport.md
index d5f690a..ab45297 100644
--- a/site2/website/versioned_docs/version-2.7.3/security-tls-transport.md
+++ b/site2/website/versioned_docs/version-2.7.3/security-tls-transport.md
@@ -177,7 +177,7 @@ Moreover, as the administrator has full control of the certificate authority, a
One scenario where you may want to enable hostname verification is where you have multiple proxy nodes behind a VIP, and the VIP has a DNS record, for example, pulsar.mycompany.com. In this case, you can generate a TLS cert with pulsar.mycompany.com as the "CommonName," and then enable hostname verification on the client.
-The examples below show hostname verification being disabled for the Java client, though you can omit this as the client disables the hostname verification by default. C++/python/Node.js clients do now allow configuring this at the moment.
+The examples below show that hostname verification is disabled for the CLI tools/Java/Python/C++/Node.js/C# clients by default.
### CLI tools
@@ -214,7 +214,7 @@ PulsarClient client = PulsarClient.builder()
from pulsar import Client
client = Client("pulsar+ssl://broker.example.com:6651/",
- tls_hostname_verification=True,
+ tls_hostname_verification=False,
tls_trust_certs_file_path="/path/to/ca.cert.pem",
tls_allow_insecure_connection=False) // defaults to false from v2.2.0 onwards
```
@@ -229,7 +229,7 @@ config.setUseTls(true); // shouldn't be needed soon
config.setTlsTrustCertsFilePath(caPath);
config.setTlsAllowInsecureConnection(false);
config.setAuth(pulsar::AuthTls::create(clientPublicKeyPath, clientPrivateKeyPath));
-config.setValidateHostName(true);
+config.setValidateHostName(false);
```
#### Node.js client
@@ -241,6 +241,9 @@ const Pulsar = require('pulsar-client');
const client = new Pulsar.Client({
serviceUrl: 'pulsar+ssl://broker.example.com:6651/',
tlsTrustCertsFilePath: '/path/to/ca.cert.pem',
+ useTls: true,
+ tlsValidateHostname: false,
+ tlsAllowInsecureConnection: false,
});
})();
```
@@ -255,3 +258,4 @@ var client = PulsarClient.Builder()
.VerifyCertificateName(false) //Default is 'false'
.Build();
```
+> Note that `VerifyCertificateName` refers to the configuration of hostname verification in the C# client.
\ No newline at end of file
diff --git a/site2/website/versioned_docs/version-2.7.4/security-tls-transport.md b/site2/website/versioned_docs/version-2.7.4/security-tls-transport.md
index a73990c..9161f4b 100644
--- a/site2/website/versioned_docs/version-2.7.4/security-tls-transport.md
+++ b/site2/website/versioned_docs/version-2.7.4/security-tls-transport.md
@@ -177,7 +177,7 @@ Moreover, as the administrator has full control of the certificate authority, a
One scenario where you may want to enable hostname verification is where you have multiple proxy nodes behind a VIP, and the VIP has a DNS record, for example, pulsar.mycompany.com. In this case, you can generate a TLS cert with pulsar.mycompany.com as the "CommonName," and then enable hostname verification on the client.
-The examples below show hostname verification being disabled for the Java client, though you can omit this as the client disables the hostname verification by default. C++/python/Node.js clients do now allow configuring this at the moment.
+The examples below show that hostname verification is disabled for the CLI tools/Java/Python/C++/Node.js/C# clients by default.
### CLI tools
@@ -214,7 +214,7 @@ PulsarClient client = PulsarClient.builder()
from pulsar import Client
client = Client("pulsar+ssl://broker.example.com:6651/",
- tls_hostname_verification=True,
+ tls_hostname_verification=False,
tls_trust_certs_file_path="/path/to/ca.cert.pem",
tls_allow_insecure_connection=False) // defaults to false from v2.2.0 onwards
```
@@ -229,7 +229,7 @@ config.setUseTls(true); // shouldn't be needed soon
config.setTlsTrustCertsFilePath(caPath);
config.setTlsAllowInsecureConnection(false);
config.setAuth(pulsar::AuthTls::create(clientPublicKeyPath, clientPrivateKeyPath));
-config.setValidateHostName(true);
+config.setValidateHostName(false);
```
#### Node.js client
@@ -241,6 +241,9 @@ const Pulsar = require('pulsar-client');
const client = new Pulsar.Client({
serviceUrl: 'pulsar+ssl://broker.example.com:6651/',
tlsTrustCertsFilePath: '/path/to/ca.cert.pem',
+ useTls: true,
+ tlsValidateHostname: false,
+ tlsAllowInsecureConnection: false,
});
})();
```
@@ -255,3 +258,4 @@ var client = PulsarClient.Builder()
.VerifyCertificateName(false) //Default is 'false'
.Build();
```
+> Note that `VerifyCertificateName` refers to the configuration of hostname verification in the C# client.
\ No newline at end of file
diff --git a/site2/website/versioned_docs/version-2.8.0/security-tls-transport.md b/site2/website/versioned_docs/version-2.8.0/security-tls-transport.md
index 10ea992..a1907ab 100644
--- a/site2/website/versioned_docs/version-2.8.0/security-tls-transport.md
+++ b/site2/website/versioned_docs/version-2.8.0/security-tls-transport.md
@@ -178,7 +178,7 @@ Moreover, as the administrator has full control of the certificate authority, a
One scenario where you may want to enable hostname verification is where you have multiple proxy nodes behind a VIP, and the VIP has a DNS record, for example, pulsar.mycompany.com. In this case, you can generate a TLS cert with pulsar.mycompany.com as the "CommonName," and then enable hostname verification on the client.
-The examples below show hostname verification being disabled for the Java client, though you can omit this as the client disables the hostname verification by default. C++/python/Node.js clients do now allow configuring this at the moment.
+The examples below show that hostname verification is disabled for the CLI tools/Java/Python/C++/Node.js/C# clients by default.
### CLI tools
@@ -215,7 +215,7 @@ PulsarClient client = PulsarClient.builder()
from pulsar import Client
client = Client("pulsar+ssl://broker.example.com:6651/",
- tls_hostname_verification=True,
+ tls_hostname_verification=False,
tls_trust_certs_file_path="/path/to/ca.cert.pem",
tls_allow_insecure_connection=False) // defaults to false from v2.2.0 onwards
```
@@ -230,7 +230,7 @@ config.setUseTls(true); // shouldn't be needed soon
config.setTlsTrustCertsFilePath(caPath);
config.setTlsAllowInsecureConnection(false);
config.setAuth(pulsar::AuthTls::create(clientPublicKeyPath, clientPrivateKeyPath));
-config.setValidateHostName(true);
+config.setValidateHostName(false);
```
#### Node.js client
@@ -242,6 +242,9 @@ const Pulsar = require('pulsar-client');
const client = new Pulsar.Client({
serviceUrl: 'pulsar+ssl://broker.example.com:6651/',
tlsTrustCertsFilePath: '/path/to/ca.cert.pem',
+ useTls: true,
+ tlsValidateHostname: false,
+ tlsAllowInsecureConnection: false,
});
})();
```
@@ -256,3 +259,4 @@ var client = PulsarClient.Builder()
.VerifyCertificateName(false) //Default is 'false'
.Build();
```
+> Note that `VerifyCertificateName` refers to the configuration of hostname verification in the C# client.
\ No newline at end of file
diff --git a/site2/website/versioned_docs/version-2.8.1/security-tls-transport.md b/site2/website/versioned_docs/version-2.8.1/security-tls-transport.md
index 271db68..4c09ad7 100644
--- a/site2/website/versioned_docs/version-2.8.1/security-tls-transport.md
+++ b/site2/website/versioned_docs/version-2.8.1/security-tls-transport.md
@@ -178,7 +178,7 @@ Moreover, as the administrator has full control of the certificate authority, a
One scenario where you may want to enable hostname verification is where you have multiple proxy nodes behind a VIP, and the VIP has a DNS record, for example, pulsar.mycompany.com. In this case, you can generate a TLS cert with pulsar.mycompany.com as the "CommonName," and then enable hostname verification on the client.
-The examples below show hostname verification being disabled for the Java client, though you can omit this as the client disables the hostname verification by default. C++/python/Node.js clients do now allow configuring this at the moment.
+The examples below show that hostname verification is disabled for the CLI tools/Java/Python/C++/Node.js/C# clients by default.
### CLI tools
@@ -215,7 +215,7 @@ PulsarClient client = PulsarClient.builder()
from pulsar import Client
client = Client("pulsar+ssl://broker.example.com:6651/",
- tls_hostname_verification=True,
+ tls_hostname_verification=False,
tls_trust_certs_file_path="/path/to/ca.cert.pem",
tls_allow_insecure_connection=False) // defaults to false from v2.2.0 onwards
```
@@ -230,7 +230,7 @@ config.setUseTls(true); // shouldn't be needed soon
config.setTlsTrustCertsFilePath(caPath);
config.setTlsAllowInsecureConnection(false);
config.setAuth(pulsar::AuthTls::create(clientPublicKeyPath, clientPrivateKeyPath));
-config.setValidateHostName(true);
+config.setValidateHostName(false);
```
#### Node.js client
@@ -242,6 +242,9 @@ const Pulsar = require('pulsar-client');
const client = new Pulsar.Client({
serviceUrl: 'pulsar+ssl://broker.example.com:6651/',
tlsTrustCertsFilePath: '/path/to/ca.cert.pem',
+ useTls: true,
+ tlsValidateHostname: false,
+ tlsAllowInsecureConnection: false,
});
})();
```
@@ -256,3 +259,4 @@ var client = PulsarClient.Builder()
.VerifyCertificateName(false) //Default is 'false'
.Build();
```
+> Note that `VerifyCertificateName` refers to the configuration of hostname verification in the C# client.
\ No newline at end of file
diff --git a/site2/website/versioned_docs/version-2.8.2/security-tls-transport.md b/site2/website/versioned_docs/version-2.8.2/security-tls-transport.md
index 9267809..7e7e28b 100644
--- a/site2/website/versioned_docs/version-2.8.2/security-tls-transport.md
+++ b/site2/website/versioned_docs/version-2.8.2/security-tls-transport.md
@@ -178,7 +178,7 @@ Moreover, as the administrator has full control of the certificate authority, a
One scenario where you may want to enable hostname verification is where you have multiple proxy nodes behind a VIP, and the VIP has a DNS record, for example, pulsar.mycompany.com. In this case, you can generate a TLS cert with pulsar.mycompany.com as the "CommonName," and then enable hostname verification on the client.
-The examples below show hostname verification being disabled for the Java client, though you can omit this as the client disables the hostname verification by default. C++/python/Node.js clients do now allow configuring this at the moment.
+The examples below show that hostname verification is disabled for the CLI tools/Java/Python/C++/Node.js/C# clients by default.
### CLI tools
@@ -215,7 +215,7 @@ PulsarClient client = PulsarClient.builder()
from pulsar import Client
client = Client("pulsar+ssl://broker.example.com:6651/",
- tls_hostname_verification=True,
+ tls_hostname_verification=False,
tls_trust_certs_file_path="/path/to/ca.cert.pem",
tls_allow_insecure_connection=False) // defaults to false from v2.2.0 onwards
```
@@ -230,7 +230,7 @@ config.setUseTls(true); // shouldn't be needed soon
config.setTlsTrustCertsFilePath(caPath);
config.setTlsAllowInsecureConnection(false);
config.setAuth(pulsar::AuthTls::create(clientPublicKeyPath, clientPrivateKeyPath));
-config.setValidateHostName(true);
+config.setValidateHostName(false);
```
#### Node.js client
@@ -242,6 +242,9 @@ const Pulsar = require('pulsar-client');
const client = new Pulsar.Client({
serviceUrl: 'pulsar+ssl://broker.example.com:6651/',
tlsTrustCertsFilePath: '/path/to/ca.cert.pem',
+ useTls: true,
+ tlsValidateHostname: false,
+ tlsAllowInsecureConnection: false,
});
})();
```
@@ -256,3 +259,4 @@ var client = PulsarClient.Builder()
.VerifyCertificateName(false) //Default is 'false'
.Build();
```
+> Note that `VerifyCertificateName` refers to the configuration of hostname verification in the C# client.
\ No newline at end of file
diff --git a/site2/website/versioned_docs/version-2.9.0/security-tls-transport.md b/site2/website/versioned_docs/version-2.9.0/security-tls-transport.md
index adb5754..7938962 100644
--- a/site2/website/versioned_docs/version-2.9.0/security-tls-transport.md
+++ b/site2/website/versioned_docs/version-2.9.0/security-tls-transport.md
@@ -178,7 +178,7 @@ Moreover, as the administrator has full control of the certificate authority, a
One scenario where you may want to enable hostname verification is where you have multiple proxy nodes behind a VIP, and the VIP has a DNS record, for example, pulsar.mycompany.com. In this case, you can generate a TLS cert with pulsar.mycompany.com as the "CommonName," and then enable hostname verification on the client.
-The examples below show hostname verification being disabled for the Java client, though you can omit this as the client disables the hostname verification by default. C++/python/Node.js clients do now allow configuring this at the moment.
+The examples below show that hostname verification is disabled for the CLI tools/Java/Python/C++/Node.js/C# clients by default.
### CLI tools
@@ -215,7 +215,7 @@ PulsarClient client = PulsarClient.builder()
from pulsar import Client
client = Client("pulsar+ssl://broker.example.com:6651/",
- tls_hostname_verification=True,
+ tls_hostname_verification=False,
tls_trust_certs_file_path="/path/to/ca.cert.pem",
tls_allow_insecure_connection=False) // defaults to false from v2.2.0 onwards
```
@@ -230,7 +230,7 @@ config.setUseTls(true); // shouldn't be needed soon
config.setTlsTrustCertsFilePath(caPath);
config.setTlsAllowInsecureConnection(false);
config.setAuth(pulsar::AuthTls::create(clientPublicKeyPath, clientPrivateKeyPath));
-config.setValidateHostName(true);
+config.setValidateHostName(false);
```
#### Node.js client
@@ -242,6 +242,9 @@ const Pulsar = require('pulsar-client');
const client = new Pulsar.Client({
serviceUrl: 'pulsar+ssl://broker.example.com:6651/',
tlsTrustCertsFilePath: '/path/to/ca.cert.pem',
+ useTls: true,
+ tlsValidateHostname: false,
+ tlsAllowInsecureConnection: false,
});
})();
```
@@ -256,3 +259,4 @@ var client = PulsarClient.Builder()
.VerifyCertificateName(false) //Default is 'false'
.Build();
```
+> Note that `VerifyCertificateName` refers to the configuration of hostname verification in the C# client.
\ No newline at end of file
diff --git a/site2/website/versioned_docs/version-2.9.1/security-tls-transport.md b/site2/website/versioned_docs/version-2.9.1/security-tls-transport.md
index d7d9436..f511596 100644
--- a/site2/website/versioned_docs/version-2.9.1/security-tls-transport.md
+++ b/site2/website/versioned_docs/version-2.9.1/security-tls-transport.md
@@ -178,7 +178,7 @@ Moreover, as the administrator has full control of the certificate authority, a
One scenario where you may want to enable hostname verification is where you have multiple proxy nodes behind a VIP, and the VIP has a DNS record, for example, pulsar.mycompany.com. In this case, you can generate a TLS cert with pulsar.mycompany.com as the "CommonName," and then enable hostname verification on the client.
-The examples below show hostname verification being disabled for the Java client, though you can omit this as the client disables the hostname verification by default. C++/python/Node.js clients do now allow configuring this at the moment.
+The examples below show that hostname verification is disabled for the CLI tools/Java/Python/C++/Node.js/C# clients by default.
### CLI tools
@@ -215,7 +215,7 @@ PulsarClient client = PulsarClient.builder()
from pulsar import Client
client = Client("pulsar+ssl://broker.example.com:6651/",
- tls_hostname_verification=True,
+ tls_hostname_verification=False,
tls_trust_certs_file_path="/path/to/ca.cert.pem",
tls_allow_insecure_connection=False) // defaults to false from v2.2.0 onwards
```
@@ -230,7 +230,7 @@ config.setUseTls(true); // shouldn't be needed soon
config.setTlsTrustCertsFilePath(caPath);
config.setTlsAllowInsecureConnection(false);
config.setAuth(pulsar::AuthTls::create(clientPublicKeyPath, clientPrivateKeyPath));
-config.setValidateHostName(true);
+config.setValidateHostName(false);
```
#### Node.js client
@@ -242,6 +242,9 @@ const Pulsar = require('pulsar-client');
const client = new Pulsar.Client({
serviceUrl: 'pulsar+ssl://broker.example.com:6651/',
tlsTrustCertsFilePath: '/path/to/ca.cert.pem',
+ useTls: true,
+ tlsValidateHostname: false,
+ tlsAllowInsecureConnection: false,
});
})();
```
@@ -256,3 +259,4 @@ var client = PulsarClient.Builder()
.VerifyCertificateName(false) //Default is 'false'
.Build();
```
+> Note that `VerifyCertificateName` refers to the configuration of hostname verification in the C# client.
\ No newline at end of file