This is an automated email from the ASF dual-hosted git repository. penghui pushed a commit to branch branch-2.10 in repository https://gitbox.apache.org/repos/asf/pulsar.git
commit 718904dcef8fbe056c733c9ab6215d86827d96b5 Author: Zixuan Liu <[email protected]> AuthorDate: Wed Jun 15 21:40:25 2022 +0800 [fix][broker] Fix create client with TLS config (#16014) ### Motivation In PulsarService, create a client with an incorrect config. When `tlsEnabled` is `true`, and `brokerClientTlsEnabled` is `false`, users will meet `Failed reason: General OpenSslEngine problem`, due to `tlsTrustCertsFilePath` is incorrect. ### Modifications - Fix check TLS enable - Setup ciphers and protocols - Remove duplicate setTlsTrustCertsFilePath (cherry picked from commit 22057ca0296e4eb6e0c9d41bc10e24bdbdc71efc)
---
.../src/main/java/org/apache/pulsar/broker/PulsarService.java | 11 ++++++-----
1 file changed, 6 insertions(+), 5 deletions(-)
diff --git a/pulsar-broker/src/main/java/org/apache/pulsar/broker/PulsarService.java b/pulsar-broker/src/main/java/org/apache/pulsar/broker/PulsarService.java
index 0acc4ec6956..944201d6125 100644
--- a/pulsar-broker/src/main/java/org/apache/pulsar/broker/PulsarService.java
+++ b/pulsar-broker/src/main/java/org/apache/pulsar/broker/PulsarService.java
@@ -1381,12 +1381,13 @@ public class PulsarService implements AutoCloseable, ShutdownService {
 ClientConfigurationData conf = ConfigurationDataUtils.loadData(overrides, initialConf, ClientConfigurationData.class);
- conf.setServiceUrl(this.getConfiguration().isTlsEnabled()
- ? this.brokerServiceUrlTls : this.brokerServiceUrl);
- conf.setTlsAllowInsecureConnection(this.getConfiguration().isTlsAllowInsecureConnection());
- conf.setTlsTrustCertsFilePath(this.getConfiguration().getTlsCertificateFilePath());
+ boolean tlsEnabled = this.getConfiguration().isBrokerClientTlsEnabled();
+ conf.setServiceUrl(tlsEnabled ? this.brokerServiceUrlTls : this.brokerServiceUrl);
- if (this.getConfiguration().isBrokerClientTlsEnabled()) {
+ if (tlsEnabled) {
+ conf.setTlsCiphers(this.getConfiguration().getBrokerClientTlsCiphers());
+ conf.setTlsProtocols(this.getConfiguration().getBrokerClientTlsProtocols());
+ conf.setTlsAllowInsecureConnection(this.getConfiguration().isTlsAllowInsecureConnection());
 if (this.getConfiguration().isBrokerClientTlsEnabledWithKeyStore()) {
 conf.setUseKeyStoreTls(true);
 conf.setTlsTrustStoreType(this.getConfiguration().getBrokerClientTlsTrustStoreType());
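Review bot: Inside the new `if (tlsEnabled)` block, `conf.setTlsAllowInsecureConnection(this.getConfiguration().isTlsAllowInsecureConnection())` is the only TLS setting not read from a `getBrokerClient*`/`isBrokerClient*` getter, so the broker-wide `tlsAllowInsecureConnection` value also decides whether this internal client verifies the certificate of the endpoint it connects to. That flag presumably exists to govern the broker's own listeners, so an operator who relaxes it for inbound connections would also switch off peer verification on the broker's outbound client without asking for it. If no separate client-side option is available, the coupling should at least be documented above the line, for example `// Reuses the broker-wide tlsAllowInsecureConnection flag: when true, this client accepts untrusted peer certificates.` The commit also removes the unconditional `setTlsTrustCertsFilePath` call, and the non-keystore branch of this `if` lies outside the hunk, so it is worth confirming that the trust certificate path is still set there from the broker-client configuration rather than left empty.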
