Skip to content

TLS Hostname verification doesn't get disabled if using https lookup in PulsarClient #3333

New issue
New issue
Closed
Closed
TLS Hostname verification doesn't get disabled if using https lookup in PulsarClient#3333
Labels
area/securityhelp wantedlifecycle/staletype/bugThe PR fixed a bug or issue reported a bug
@ivankelly

Description

@ivankelly
ivankelly
opened on Jan 8, 2019

Describe the bug
If you connect to a broker using a https lookup url, and the cert doesn't match the hostname, and hostname verification is disabled, it will complain about the hostname.

To Reproduce
Steps to reproduce the behavior:

  1. Configure a cluster with TLS authentication. The broker hostname shouldn't match the cert CN.
PulsarClient.builder()
            .serviceUrl("https://BROKER_HOSTNAME:8443")
            .enableTlsHostnameVerification(false)
            .authentication("org.apache.pulsar.client.impl.auth.AuthenticationTls",
                                     "tlsCertFile:PATH_TO_CERT,tlsKeyFile:PATH_TO_KEY")
            .tlsTrustCertsFilePath(PATH_TO_CA).build();
  1. The client will fail to connect and give an error about the hostname.

Expected behavior
It shouldn't try to verify the hostname.

Metadata

Metadata

Assignees

No one assigned

    Labels

    area/securityhelp wantedlifecycle/staletype/bugThe PR fixed a bug or issue reported a bug

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions