[pulsar] branch branch-2.9 updated: [fix][broker] Fix create client with TLS config (#16014)

Fri, 01 Jul 2022 20:03:40 -0700 

This is an automated email from the ASF dual-hosted git repository.

mattisonchao pushed a commit to branch branch-2.9
in repository https://gitbox.apache.org/repos/asf/pulsar.git


The following commit(s) were added to refs/heads/branch-2.9 by this push:
     new 713181ec28a [fix][broker] Fix create client with TLS config (#16014)
713181ec28a is described below

commit 713181ec28af254848a18a5303f64f277c8de994
Author: Zixuan Liu <[email protected]>
AuthorDate: Wed Jun 15 21:40:25 2022 +0800

    [fix][broker] Fix create client with TLS config (#16014)
    
    ### Motivation
    
    In PulsarService, create a client with an incorrect config.
    
    When `tlsEnabled` is `true`, and `brokerClientTlsEnabled` is `false`, users 
will meet `Failed reason: General OpenSslEngine problem`, due to 
`tlsTrustCertsFilePath` is incorrect.
    
    ### Modifications
    
    - Fix check TLS enable
    - Setup ciphers and protocols
    - Remove duplicate setTlsTrustCertsFilePath
    
    (cherry picked from commit 22057ca0296e4eb6e0c9d41bc10e24bdbdc71efc)
---
 .../main/java/org/apache/pulsar/broker/PulsarService.java    | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git 
a/pulsar-broker/src/main/java/org/apache/pulsar/broker/PulsarService.java 
b/pulsar-broker/src/main/java/org/apache/pulsar/broker/PulsarService.java
index 85f21e0bf8f..b60c8dc4845 100644
--- a/pulsar-broker/src/main/java/org/apache/pulsar/broker/PulsarService.java
+++ b/pulsar-broker/src/main/java/org/apache/pulsar/broker/PulsarService.java
@@ -1340,12 +1340,14 @@ public class PulsarService implements AutoCloseable, 
ShutdownService {
                         
.filterAndMapProperties(this.getConfiguration().getProperties(), 
"brokerClient_");
                 ClientConfigurationData conf =
                         ConfigurationDataUtils.loadData(overrides, 
initialConf, ClientConfigurationData.class);
-                conf.setServiceUrl(this.getConfiguration().isTlsEnabled()
-                                ? this.brokerServiceUrlTls : 
this.brokerServiceUrl);
-                
conf.setTlsAllowInsecureConnection(this.getConfiguration().isTlsAllowInsecureConnection());
-                
conf.setTlsTrustCertsFilePath(this.getConfiguration().getTlsCertificateFilePath());
 
-                if (this.getConfiguration().isBrokerClientTlsEnabled()) {
+                boolean tlsEnabled = 
this.getConfiguration().isBrokerClientTlsEnabled();
+                conf.setServiceUrl(tlsEnabled ? this.brokerServiceUrlTls : 
this.brokerServiceUrl);
+
+                if (tlsEnabled) {
+                    
conf.setTlsCiphers(this.getConfiguration().getBrokerClientTlsCiphers());
+                    
conf.setTlsProtocols(this.getConfiguration().getBrokerClientTlsProtocols());
+                    
conf.setTlsAllowInsecureConnection(this.getConfiguration().isTlsAllowInsecureConnection());
                     if 
(this.getConfiguration().isBrokerClientTlsEnabledWithKeyStore()) {
                         conf.setUseKeyStoreTls(true);
                         
conf.setTlsTrustStoreType(this.getConfiguration().getBrokerClientTlsTrustStoreType());

Reply via email to