You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@pulsar.apache.org by GitBox <gi...@apache.org> on 2019/01/31 03:30:41 UTC
[GitHub] merlimat commented on a change in pull request #3486:
[pulsar-broker] separate broker-client config to allow-insecure-cnx for
broker replication
merlimat commented on a change in pull request #3486: [pulsar-broker] separate broker-client config to allow-insecure-cnx for broker replication
URL: https://github.com/apache/pulsar/pull/3486#discussion_r252524557
##########
File path: conf/broker.conf
##########
@@ -255,6 +255,10 @@ tlsTrustCertsFilePath=
# though the cert will not be used for client authentication.
tlsAllowInsecureConnection=false
+# Allow insecured tls connection for outgoing connection to a server (broker)
+# (eg: to avoid hostname-verification)
+brokerClientTlsAllowInsecureConnection=false
Review comment:
Actually, the "insecure connection" setting in the client lib would mean to not validate the server certificate. This is different from hostname verification, in which a client will require a valid certificate from server (signed by common CA) though it will not require the server CommonName to match the service url.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services