You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@pulsar.apache.org by GitBox <gi...@apache.org> on 2022/12/01 09:21:40 UTC

[GitHub] [pulsar] rdhabalia commented on pull request #18689: [improve][cli] Tools: Derive default value tls-insecure-cnx param based on trust-store input

rdhabalia commented on PR #18689:
URL: https://github.com/apache/pulsar/pull/18689#issuecomment-1333466390

   > We cannot set tlsAllowInsecureConnection based on the tlsTrustStorePath. Sometimes if the ca certificate is public and trusted, the tlsTrustStorePath or tlsTrustCertsFilePath should be empty,
   
   If one wants to depend on public ca cert then one can always configure tlsAllowInsecureConnection but in most of the cases turstStore doesn't exist then user wants to skip any client side cert validation and default behavior can be derived by user action. Also, there is no such behavior documented to validate against public cert in absence of truststore so, let's not try to make wrong assumption here.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@pulsar.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org