This is an automated email from the ASF dual-hosted git repository.
urfree pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/pulsar-site.git
The following commit(s) were added to refs/heads/main by this push:
new 31eb8f5 update
31eb8f5 is described below
commit 31eb8f559669085c63d3fcff979ae4ec0d9f5a05
Author: LiLi <[email protected]>
AuthorDate: Fri Mar 4 11:30:41 2022 +0800
update
Signed-off-by: LiLi <[email protected]>
---
site2/website-next/docs/security-tls-transport.md | 10 +++++++---
.../versioned_docs/version-2.7.0/security-tls-transport.md | 10 +++++++---
.../versioned_docs/version-2.7.1/security-tls-transport.md | 10 +++++++---
.../versioned_docs/version-2.7.2/security-tls-transport.md | 10 +++++++---
.../versioned_docs/version-2.7.3/security-tls-transport.md | 10 +++++++---
.../versioned_docs/version-2.7.4/security-tls-transport.md | 10 +++++++---
.../versioned_docs/version-2.8.0/security-tls-transport.md | 10 +++++++---
.../versioned_docs/version-2.8.1/security-tls-transport.md | 10 +++++++---
.../versioned_docs/version-2.8.2/security-tls-transport.md | 10 +++++++---
.../versioned_docs/version-2.9.0/security-tls-transport.md | 10 +++++++---
.../versioned_docs/version-2.9.1/security-tls-transport.md | 10 +++++++---
11 files changed, 77 insertions(+), 33 deletions(-)
diff --git a/site2/website-next/docs/security-tls-transport.md
b/site2/website-next/docs/security-tls-transport.md
index a9b18d1..78dd16a 100644
--- a/site2/website-next/docs/security-tls-transport.md
+++ b/site2/website-next/docs/security-tls-transport.md
@@ -198,7 +198,7 @@ Moreover, as the administrator has full control of the
certificate authority, a
One scenario where you may want to enable hostname verification is where you
have multiple proxy nodes behind a VIP, and the VIP has a DNS record, for
example, pulsar.mycompany.com. In this case, you can generate a TLS cert with
pulsar.mycompany.com as the "CommonName," and then enable hostname verification
on the client.
-The examples below show hostname verification being disabled for the Java
client, though you can omit this as the client disables the hostname
verification by default. C++/python/Node.js clients do now allow configuring
this at the moment.
+The examples below show that hostname verification is disabled for the CLI
tools/Java/Python/C++/Node.js/C# clients by default.
### CLI tools
@@ -240,7 +240,7 @@ PulsarClient client = PulsarClient.builder()
from pulsar import Client
client = Client("pulsar+ssl://broker.example.com:6651/",
- tls_hostname_verification=True,
+ tls_hostname_verification=False,
tls_trust_certs_file_path="/path/to/ca.cert.pem",
tls_allow_insecure_connection=False) // defaults to false from
v2.2.0 onwards
@@ -257,7 +257,7 @@ config.setUseTls(true); // shouldn't be needed soon
config.setTlsTrustCertsFilePath(caPath);
config.setTlsAllowInsecureConnection(false);
config.setAuth(pulsar::AuthTls::create(clientPublicKeyPath,
clientPrivateKeyPath));
-config.setValidateHostName(true);
+config.setValidateHostName(false);
```
@@ -271,6 +271,9 @@ const Pulsar = require('pulsar-client');
const client = new Pulsar.Client({
serviceUrl: 'pulsar+ssl://broker.example.com:6651/',
tlsTrustCertsFilePath: '/path/to/ca.cert.pem',
+ useTls: true,
+ tlsValidateHostname: false,
+ tlsAllowInsecureConnection: false,
});
})();
@@ -289,3 +292,4 @@ var client = PulsarClient.Builder()
```
+> Note that `VerifyCertificateName` refers to the configuration of hostname
verification in the C# client.
\ No newline at end of file
diff --git
a/site2/website-next/versioned_docs/version-2.7.0/security-tls-transport.md
b/site2/website-next/versioned_docs/version-2.7.0/security-tls-transport.md
index 478189f..85863fe 100644
--- a/site2/website-next/versioned_docs/version-2.7.0/security-tls-transport.md
+++ b/site2/website-next/versioned_docs/version-2.7.0/security-tls-transport.md
@@ -197,7 +197,7 @@ Moreover, as the administrator has full control of the
certificate authority, a
One scenario where you may want to enable hostname verification is where you
have multiple proxy nodes behind a VIP, and the VIP has a DNS record, for
example, pulsar.mycompany.com. In this case, you can generate a TLS cert with
pulsar.mycompany.com as the "CommonName," and then enable hostname verification
on the client.
-The examples below show hostname verification being disabled for the Java
client, though you can omit this as the client disables the hostname
verification by default. C++/python/Node.js clients do now allow configuring
this at the moment.
+The examples below show that hostname verification is disabled for the CLI
tools/Java/Python/C++/Node.js/C# clients by default.
### CLI tools
@@ -239,7 +239,7 @@ PulsarClient client = PulsarClient.builder()
from pulsar import Client
client = Client("pulsar+ssl://broker.example.com:6651/",
- tls_hostname_verification=True,
+ tls_hostname_verification=False,
tls_trust_certs_file_path="/path/to/ca.cert.pem",
tls_allow_insecure_connection=False) // defaults to false from
v2.2.0 onwards
@@ -256,7 +256,7 @@ config.setUseTls(true); // shouldn't be needed soon
config.setTlsTrustCertsFilePath(caPath);
config.setTlsAllowInsecureConnection(false);
config.setAuth(pulsar::AuthTls::create(clientPublicKeyPath,
clientPrivateKeyPath));
-config.setValidateHostName(true);
+config.setValidateHostName(false);
```
@@ -270,6 +270,9 @@ const Pulsar = require('pulsar-client');
const client = new Pulsar.Client({
serviceUrl: 'pulsar+ssl://broker.example.com:6651/',
tlsTrustCertsFilePath: '/path/to/ca.cert.pem',
+ useTls: true,
+ tlsValidateHostname: false,
+ tlsAllowInsecureConnection: false,
});
})();
@@ -288,3 +291,4 @@ var client = PulsarClient.Builder()
```
+> Note that `VerifyCertificateName` refers to the configuration of hostname
verification in the C# client.
\ No newline at end of file
diff --git
a/site2/website-next/versioned_docs/version-2.7.1/security-tls-transport.md
b/site2/website-next/versioned_docs/version-2.7.1/security-tls-transport.md
index 478189f..85863fe 100644
--- a/site2/website-next/versioned_docs/version-2.7.1/security-tls-transport.md
+++ b/site2/website-next/versioned_docs/version-2.7.1/security-tls-transport.md
@@ -197,7 +197,7 @@ Moreover, as the administrator has full control of the
certificate authority, a
One scenario where you may want to enable hostname verification is where you
have multiple proxy nodes behind a VIP, and the VIP has a DNS record, for
example, pulsar.mycompany.com. In this case, you can generate a TLS cert with
pulsar.mycompany.com as the "CommonName," and then enable hostname verification
on the client.
-The examples below show hostname verification being disabled for the Java
client, though you can omit this as the client disables the hostname
verification by default. C++/python/Node.js clients do now allow configuring
this at the moment.
+The examples below show that hostname verification is disabled for the CLI
tools/Java/Python/C++/Node.js/C# clients by default.
### CLI tools
@@ -239,7 +239,7 @@ PulsarClient client = PulsarClient.builder()
from pulsar import Client
client = Client("pulsar+ssl://broker.example.com:6651/",
- tls_hostname_verification=True,
+ tls_hostname_verification=False,
tls_trust_certs_file_path="/path/to/ca.cert.pem",
tls_allow_insecure_connection=False) // defaults to false from
v2.2.0 onwards
@@ -256,7 +256,7 @@ config.setUseTls(true); // shouldn't be needed soon
config.setTlsTrustCertsFilePath(caPath);
config.setTlsAllowInsecureConnection(false);
config.setAuth(pulsar::AuthTls::create(clientPublicKeyPath,
clientPrivateKeyPath));
-config.setValidateHostName(true);
+config.setValidateHostName(false);
```
@@ -270,6 +270,9 @@ const Pulsar = require('pulsar-client');
const client = new Pulsar.Client({
serviceUrl: 'pulsar+ssl://broker.example.com:6651/',
tlsTrustCertsFilePath: '/path/to/ca.cert.pem',
+ useTls: true,
+ tlsValidateHostname: false,
+ tlsAllowInsecureConnection: false,
});
})();
@@ -288,3 +291,4 @@ var client = PulsarClient.Builder()
```
+> Note that `VerifyCertificateName` refers to the configuration of hostname
verification in the C# client.
\ No newline at end of file
diff --git
a/site2/website-next/versioned_docs/version-2.7.2/security-tls-transport.md
b/site2/website-next/versioned_docs/version-2.7.2/security-tls-transport.md
index 478189f..85863fe 100644
--- a/site2/website-next/versioned_docs/version-2.7.2/security-tls-transport.md
+++ b/site2/website-next/versioned_docs/version-2.7.2/security-tls-transport.md
@@ -197,7 +197,7 @@ Moreover, as the administrator has full control of the
certificate authority, a
One scenario where you may want to enable hostname verification is where you
have multiple proxy nodes behind a VIP, and the VIP has a DNS record, for
example, pulsar.mycompany.com. In this case, you can generate a TLS cert with
pulsar.mycompany.com as the "CommonName," and then enable hostname verification
on the client.
-The examples below show hostname verification being disabled for the Java
client, though you can omit this as the client disables the hostname
verification by default. C++/python/Node.js clients do now allow configuring
this at the moment.
+The examples below show that hostname verification is disabled for the CLI
tools/Java/Python/C++/Node.js/C# clients by default.
### CLI tools
@@ -239,7 +239,7 @@ PulsarClient client = PulsarClient.builder()
from pulsar import Client
client = Client("pulsar+ssl://broker.example.com:6651/",
- tls_hostname_verification=True,
+ tls_hostname_verification=False,
tls_trust_certs_file_path="/path/to/ca.cert.pem",
tls_allow_insecure_connection=False) // defaults to false from
v2.2.0 onwards
@@ -256,7 +256,7 @@ config.setUseTls(true); // shouldn't be needed soon
config.setTlsTrustCertsFilePath(caPath);
config.setTlsAllowInsecureConnection(false);
config.setAuth(pulsar::AuthTls::create(clientPublicKeyPath,
clientPrivateKeyPath));
-config.setValidateHostName(true);
+config.setValidateHostName(false);
```
@@ -270,6 +270,9 @@ const Pulsar = require('pulsar-client');
const client = new Pulsar.Client({
serviceUrl: 'pulsar+ssl://broker.example.com:6651/',
tlsTrustCertsFilePath: '/path/to/ca.cert.pem',
+ useTls: true,
+ tlsValidateHostname: false,
+ tlsAllowInsecureConnection: false,
});
})();
@@ -288,3 +291,4 @@ var client = PulsarClient.Builder()
```
+> Note that `VerifyCertificateName` refers to the configuration of hostname
verification in the C# client.
\ No newline at end of file
diff --git
a/site2/website-next/versioned_docs/version-2.7.3/security-tls-transport.md
b/site2/website-next/versioned_docs/version-2.7.3/security-tls-transport.md
index 478189f..1b5129a 100644
--- a/site2/website-next/versioned_docs/version-2.7.3/security-tls-transport.md
+++ b/site2/website-next/versioned_docs/version-2.7.3/security-tls-transport.md
@@ -197,7 +197,7 @@ Moreover, as the administrator has full control of the
certificate authority, a
One scenario where you may want to enable hostname verification is where you
have multiple proxy nodes behind a VIP, and the VIP has a DNS record, for
example, pulsar.mycompany.com. In this case, you can generate a TLS cert with
pulsar.mycompany.com as the "CommonName," and then enable hostname verification
on the client.
-The examples below show hostname verification being disabled for the Java
client, though you can omit this as the client disables the hostname
verification by default. C++/python/Node.js clients do now allow configuring
this at the moment.
+The examples below show that hostname verification is disabled for the CLI
tools/Java/Python/C++/Node.js/C# clients by default.
### CLI tools
@@ -239,7 +239,7 @@ PulsarClient client = PulsarClient.builder()
from pulsar import Client
client = Client("pulsar+ssl://broker.example.com:6651/",
- tls_hostname_verification=True,
+ tls_hostname_verification=False,
tls_trust_certs_file_path="/path/to/ca.cert.pem",
tls_allow_insecure_connection=False) // defaults to false from
v2.2.0 onwards
@@ -256,7 +256,7 @@ config.setUseTls(true); // shouldn't be needed soon
config.setTlsTrustCertsFilePath(caPath);
config.setTlsAllowInsecureConnection(false);
config.setAuth(pulsar::AuthTls::create(clientPublicKeyPath,
clientPrivateKeyPath));
-config.setValidateHostName(true);
+config.setValidateHostName(false);
```
@@ -270,6 +270,9 @@ const Pulsar = require('pulsar-client');
const client = new Pulsar.Client({
serviceUrl: 'pulsar+ssl://broker.example.com:6651/',
tlsTrustCertsFilePath: '/path/to/ca.cert.pem',
+ useTls: true,
+ tlsValidateHostname: false,
+ tlsAllowInsecureConnection: false,
});
})();
@@ -288,3 +291,4 @@ var client = PulsarClient.Builder()
```
+> Note that `VerifyCertificateName` refers to the configuration of hostname
verification in the C# client.
\ No newline at end of file
diff --git
a/site2/website-next/versioned_docs/version-2.7.4/security-tls-transport.md
b/site2/website-next/versioned_docs/version-2.7.4/security-tls-transport.md
index 478189f..1b5129a 100644
--- a/site2/website-next/versioned_docs/version-2.7.4/security-tls-transport.md
+++ b/site2/website-next/versioned_docs/version-2.7.4/security-tls-transport.md
@@ -197,7 +197,7 @@ Moreover, as the administrator has full control of the
certificate authority, a
One scenario where you may want to enable hostname verification is where you
have multiple proxy nodes behind a VIP, and the VIP has a DNS record, for
example, pulsar.mycompany.com. In this case, you can generate a TLS cert with
pulsar.mycompany.com as the "CommonName," and then enable hostname verification
on the client.
-The examples below show hostname verification being disabled for the Java
client, though you can omit this as the client disables the hostname
verification by default. C++/python/Node.js clients do now allow configuring
this at the moment.
+The examples below show that hostname verification is disabled for the CLI
tools/Java/Python/C++/Node.js/C# clients by default.
### CLI tools
@@ -239,7 +239,7 @@ PulsarClient client = PulsarClient.builder()
from pulsar import Client
client = Client("pulsar+ssl://broker.example.com:6651/",
- tls_hostname_verification=True,
+ tls_hostname_verification=False,
tls_trust_certs_file_path="/path/to/ca.cert.pem",
tls_allow_insecure_connection=False) // defaults to false from
v2.2.0 onwards
@@ -256,7 +256,7 @@ config.setUseTls(true); // shouldn't be needed soon
config.setTlsTrustCertsFilePath(caPath);
config.setTlsAllowInsecureConnection(false);
config.setAuth(pulsar::AuthTls::create(clientPublicKeyPath,
clientPrivateKeyPath));
-config.setValidateHostName(true);
+config.setValidateHostName(false);
```
@@ -270,6 +270,9 @@ const Pulsar = require('pulsar-client');
const client = new Pulsar.Client({
serviceUrl: 'pulsar+ssl://broker.example.com:6651/',
tlsTrustCertsFilePath: '/path/to/ca.cert.pem',
+ useTls: true,
+ tlsValidateHostname: false,
+ tlsAllowInsecureConnection: false,
});
})();
@@ -288,3 +291,4 @@ var client = PulsarClient.Builder()
```
+> Note that `VerifyCertificateName` refers to the configuration of hostname
verification in the C# client.
\ No newline at end of file
diff --git
a/site2/website-next/versioned_docs/version-2.8.0/security-tls-transport.md
b/site2/website-next/versioned_docs/version-2.8.0/security-tls-transport.md
index c7e206d..2a0002e 100644
--- a/site2/website-next/versioned_docs/version-2.8.0/security-tls-transport.md
+++ b/site2/website-next/versioned_docs/version-2.8.0/security-tls-transport.md
@@ -198,7 +198,7 @@ Moreover, as the administrator has full control of the
certificate authority, a
One scenario where you may want to enable hostname verification is where you
have multiple proxy nodes behind a VIP, and the VIP has a DNS record, for
example, pulsar.mycompany.com. In this case, you can generate a TLS cert with
pulsar.mycompany.com as the "CommonName," and then enable hostname verification
on the client.
-The examples below show hostname verification being disabled for the Java
client, though you can omit this as the client disables the hostname
verification by default. C++/python/Node.js clients do now allow configuring
this at the moment.
+The examples below show that hostname verification is disabled for the CLI
tools/Java/Python/C++/Node.js/C# clients by default.
### CLI tools
@@ -240,7 +240,7 @@ PulsarClient client = PulsarClient.builder()
from pulsar import Client
client = Client("pulsar+ssl://broker.example.com:6651/",
- tls_hostname_verification=True,
+ tls_hostname_verification=False,
tls_trust_certs_file_path="/path/to/ca.cert.pem",
tls_allow_insecure_connection=False) // defaults to false from
v2.2.0 onwards
@@ -257,7 +257,7 @@ config.setUseTls(true); // shouldn't be needed soon
config.setTlsTrustCertsFilePath(caPath);
config.setTlsAllowInsecureConnection(false);
config.setAuth(pulsar::AuthTls::create(clientPublicKeyPath,
clientPrivateKeyPath));
-config.setValidateHostName(true);
+config.setValidateHostName(false);
```
@@ -271,6 +271,9 @@ const Pulsar = require('pulsar-client');
const client = new Pulsar.Client({
serviceUrl: 'pulsar+ssl://broker.example.com:6651/',
tlsTrustCertsFilePath: '/path/to/ca.cert.pem',
+ useTls: true,
+ tlsValidateHostname: false,
+ tlsAllowInsecureConnection: false,
});
})();
@@ -289,3 +292,4 @@ var client = PulsarClient.Builder()
```
+> Note that `VerifyCertificateName` refers to the configuration of hostname
verification in the C# client.
\ No newline at end of file
diff --git
a/site2/website-next/versioned_docs/version-2.8.1/security-tls-transport.md
b/site2/website-next/versioned_docs/version-2.8.1/security-tls-transport.md
index c7e206d..2a0002e 100644
--- a/site2/website-next/versioned_docs/version-2.8.1/security-tls-transport.md
+++ b/site2/website-next/versioned_docs/version-2.8.1/security-tls-transport.md
@@ -198,7 +198,7 @@ Moreover, as the administrator has full control of the
certificate authority, a
One scenario where you may want to enable hostname verification is where you
have multiple proxy nodes behind a VIP, and the VIP has a DNS record, for
example, pulsar.mycompany.com. In this case, you can generate a TLS cert with
pulsar.mycompany.com as the "CommonName," and then enable hostname verification
on the client.
-The examples below show hostname verification being disabled for the Java
client, though you can omit this as the client disables the hostname
verification by default. C++/python/Node.js clients do now allow configuring
this at the moment.
+The examples below show that hostname verification is disabled for the CLI
tools/Java/Python/C++/Node.js/C# clients by default.
### CLI tools
@@ -240,7 +240,7 @@ PulsarClient client = PulsarClient.builder()
from pulsar import Client
client = Client("pulsar+ssl://broker.example.com:6651/",
- tls_hostname_verification=True,
+ tls_hostname_verification=False,
tls_trust_certs_file_path="/path/to/ca.cert.pem",
tls_allow_insecure_connection=False) // defaults to false from
v2.2.0 onwards
@@ -257,7 +257,7 @@ config.setUseTls(true); // shouldn't be needed soon
config.setTlsTrustCertsFilePath(caPath);
config.setTlsAllowInsecureConnection(false);
config.setAuth(pulsar::AuthTls::create(clientPublicKeyPath,
clientPrivateKeyPath));
-config.setValidateHostName(true);
+config.setValidateHostName(false);
```
@@ -271,6 +271,9 @@ const Pulsar = require('pulsar-client');
const client = new Pulsar.Client({
serviceUrl: 'pulsar+ssl://broker.example.com:6651/',
tlsTrustCertsFilePath: '/path/to/ca.cert.pem',
+ useTls: true,
+ tlsValidateHostname: false,
+ tlsAllowInsecureConnection: false,
});
})();
@@ -289,3 +292,4 @@ var client = PulsarClient.Builder()
```
+> Note that `VerifyCertificateName` refers to the configuration of hostname
verification in the C# client.
\ No newline at end of file
diff --git
a/site2/website-next/versioned_docs/version-2.8.2/security-tls-transport.md
b/site2/website-next/versioned_docs/version-2.8.2/security-tls-transport.md
index c7e206d..2a0002e 100644
--- a/site2/website-next/versioned_docs/version-2.8.2/security-tls-transport.md
+++ b/site2/website-next/versioned_docs/version-2.8.2/security-tls-transport.md
@@ -198,7 +198,7 @@ Moreover, as the administrator has full control of the
certificate authority, a
One scenario where you may want to enable hostname verification is where you
have multiple proxy nodes behind a VIP, and the VIP has a DNS record, for
example, pulsar.mycompany.com. In this case, you can generate a TLS cert with
pulsar.mycompany.com as the "CommonName," and then enable hostname verification
on the client.
-The examples below show hostname verification being disabled for the Java
client, though you can omit this as the client disables the hostname
verification by default. C++/python/Node.js clients do now allow configuring
this at the moment.
+The examples below show that hostname verification is disabled for the CLI
tools/Java/Python/C++/Node.js/C# clients by default.
### CLI tools
@@ -240,7 +240,7 @@ PulsarClient client = PulsarClient.builder()
from pulsar import Client
client = Client("pulsar+ssl://broker.example.com:6651/",
- tls_hostname_verification=True,
+ tls_hostname_verification=False,
tls_trust_certs_file_path="/path/to/ca.cert.pem",
tls_allow_insecure_connection=False) // defaults to false from
v2.2.0 onwards
@@ -257,7 +257,7 @@ config.setUseTls(true); // shouldn't be needed soon
config.setTlsTrustCertsFilePath(caPath);
config.setTlsAllowInsecureConnection(false);
config.setAuth(pulsar::AuthTls::create(clientPublicKeyPath,
clientPrivateKeyPath));
-config.setValidateHostName(true);
+config.setValidateHostName(false);
```
@@ -271,6 +271,9 @@ const Pulsar = require('pulsar-client');
const client = new Pulsar.Client({
serviceUrl: 'pulsar+ssl://broker.example.com:6651/',
tlsTrustCertsFilePath: '/path/to/ca.cert.pem',
+ useTls: true,
+ tlsValidateHostname: false,
+ tlsAllowInsecureConnection: false,
});
})();
@@ -289,3 +292,4 @@ var client = PulsarClient.Builder()
```
+> Note that `VerifyCertificateName` refers to the configuration of hostname
verification in the C# client.
\ No newline at end of file
diff --git
a/site2/website-next/versioned_docs/version-2.9.0/security-tls-transport.md
b/site2/website-next/versioned_docs/version-2.9.0/security-tls-transport.md
index c7e206d..2a0002e 100644
--- a/site2/website-next/versioned_docs/version-2.9.0/security-tls-transport.md
+++ b/site2/website-next/versioned_docs/version-2.9.0/security-tls-transport.md
@@ -198,7 +198,7 @@ Moreover, as the administrator has full control of the
certificate authority, a
One scenario where you may want to enable hostname verification is where you
have multiple proxy nodes behind a VIP, and the VIP has a DNS record, for
example, pulsar.mycompany.com. In this case, you can generate a TLS cert with
pulsar.mycompany.com as the "CommonName," and then enable hostname verification
on the client.
-The examples below show hostname verification being disabled for the Java
client, though you can omit this as the client disables the hostname
verification by default. C++/python/Node.js clients do now allow configuring
this at the moment.
+The examples below show that hostname verification is disabled for the CLI
tools/Java/Python/C++/Node.js/C# clients by default.
### CLI tools
@@ -240,7 +240,7 @@ PulsarClient client = PulsarClient.builder()
from pulsar import Client
client = Client("pulsar+ssl://broker.example.com:6651/",
- tls_hostname_verification=True,
+ tls_hostname_verification=False,
tls_trust_certs_file_path="/path/to/ca.cert.pem",
tls_allow_insecure_connection=False) // defaults to false from
v2.2.0 onwards
@@ -257,7 +257,7 @@ config.setUseTls(true); // shouldn't be needed soon
config.setTlsTrustCertsFilePath(caPath);
config.setTlsAllowInsecureConnection(false);
config.setAuth(pulsar::AuthTls::create(clientPublicKeyPath,
clientPrivateKeyPath));
-config.setValidateHostName(true);
+config.setValidateHostName(false);
```
@@ -271,6 +271,9 @@ const Pulsar = require('pulsar-client');
const client = new Pulsar.Client({
serviceUrl: 'pulsar+ssl://broker.example.com:6651/',
tlsTrustCertsFilePath: '/path/to/ca.cert.pem',
+ useTls: true,
+ tlsValidateHostname: false,
+ tlsAllowInsecureConnection: false,
});
})();
@@ -289,3 +292,4 @@ var client = PulsarClient.Builder()
```
+> Note that `VerifyCertificateName` refers to the configuration of hostname
verification in the C# client.
\ No newline at end of file
diff --git
a/site2/website-next/versioned_docs/version-2.9.1/security-tls-transport.md
b/site2/website-next/versioned_docs/version-2.9.1/security-tls-transport.md
index c7e206d..2a0002e 100644
--- a/site2/website-next/versioned_docs/version-2.9.1/security-tls-transport.md
+++ b/site2/website-next/versioned_docs/version-2.9.1/security-tls-transport.md
@@ -198,7 +198,7 @@ Moreover, as the administrator has full control of the
certificate authority, a
One scenario where you may want to enable hostname verification is where you
have multiple proxy nodes behind a VIP, and the VIP has a DNS record, for
example, pulsar.mycompany.com. In this case, you can generate a TLS cert with
pulsar.mycompany.com as the "CommonName," and then enable hostname verification
on the client.
-The examples below show hostname verification being disabled for the Java
client, though you can omit this as the client disables the hostname
verification by default. C++/python/Node.js clients do now allow configuring
this at the moment.
+The examples below show that hostname verification is disabled for the CLI
tools/Java/Python/C++/Node.js/C# clients by default.
### CLI tools
@@ -240,7 +240,7 @@ PulsarClient client = PulsarClient.builder()
from pulsar import Client
client = Client("pulsar+ssl://broker.example.com:6651/",
- tls_hostname_verification=True,
+ tls_hostname_verification=False,
tls_trust_certs_file_path="/path/to/ca.cert.pem",
tls_allow_insecure_connection=False) // defaults to false from
v2.2.0 onwards
@@ -257,7 +257,7 @@ config.setUseTls(true); // shouldn't be needed soon
config.setTlsTrustCertsFilePath(caPath);
config.setTlsAllowInsecureConnection(false);
config.setAuth(pulsar::AuthTls::create(clientPublicKeyPath,
clientPrivateKeyPath));
-config.setValidateHostName(true);
+config.setValidateHostName(false);
```
@@ -271,6 +271,9 @@ const Pulsar = require('pulsar-client');
const client = new Pulsar.Client({
serviceUrl: 'pulsar+ssl://broker.example.com:6651/',
tlsTrustCertsFilePath: '/path/to/ca.cert.pem',
+ useTls: true,
+ tlsValidateHostname: false,
+ tlsAllowInsecureConnection: false,
});
})();
@@ -289,3 +292,4 @@ var client = PulsarClient.Builder()
```
+> Note that `VerifyCertificateName` refers to the configuration of hostname
verification in the C# client.
\ No newline at end of file
