[pulsar] 10/10: [fix][broker] Fix create client with TLS config (#16014)

Wed, 27 Jul 2022 01:36:34 -0700 

This is an automated email from the ASF dual-hosted git repository.

xyz pushed a commit to branch branch-2.8
in repository https://gitbox.apache.org/repos/asf/pulsar.git

commit bda2c0514cd9543cd4ddcfa31fad608f99454138
Author: Zixuan Liu <[email protected]>
AuthorDate: Wed Jun 15 21:40:25 2022 +0800

    [fix][broker] Fix create client with TLS config (#16014)
    
    ### Motivation
    
    In PulsarService, create a client with an incorrect config.
    
    When `tlsEnabled` is `true`, and `brokerClientTlsEnabled` is `false`, users 
will meet `Failed reason: General OpenSslEngine problem`, due to 
`tlsTrustCertsFilePath` is incorrect.
    
    ### Modifications
    
    - Fix check TLS enable
    - Setup ciphers and protocols
    - Remove duplicate setTlsTrustCertsFilePath
    
    (cherry picked from commit 22057ca0296e4eb6e0c9d41bc10e24bdbdc71efc)
---
 .../main/java/org/apache/pulsar/broker/PulsarService.java    | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git 
a/pulsar-broker/src/main/java/org/apache/pulsar/broker/PulsarService.java 
b/pulsar-broker/src/main/java/org/apache/pulsar/broker/PulsarService.java
index 14897831755..49440be5452 100644
--- a/pulsar-broker/src/main/java/org/apache/pulsar/broker/PulsarService.java
+++ b/pulsar-broker/src/main/java/org/apache/pulsar/broker/PulsarService.java
@@ -1356,12 +1356,14 @@ public class PulsarService implements AutoCloseable {
                         
.filterAndMapProperties(this.getConfiguration().getProperties(), 
"brokerClient_");
                 ClientConfigurationData conf =
                         ConfigurationDataUtils.loadData(overrides, 
initialConf, ClientConfigurationData.class);
-                conf.setServiceUrl(this.getConfiguration().isTlsEnabled()
-                                ? this.brokerServiceUrlTls : 
this.brokerServiceUrl);
-                
conf.setTlsAllowInsecureConnection(this.getConfiguration().isTlsAllowInsecureConnection());
-                
conf.setTlsTrustCertsFilePath(this.getConfiguration().getTlsCertificateFilePath());
 
-                if (this.getConfiguration().isBrokerClientTlsEnabled()) {
+                boolean tlsEnabled = 
this.getConfiguration().isBrokerClientTlsEnabled();
+                conf.setServiceUrl(tlsEnabled ? this.brokerServiceUrlTls : 
this.brokerServiceUrl);
+
+                if (tlsEnabled) {
+                    
conf.setTlsCiphers(this.getConfiguration().getBrokerClientTlsCiphers());
+                    
conf.setTlsProtocols(this.getConfiguration().getBrokerClientTlsProtocols());
+                    
conf.setTlsAllowInsecureConnection(this.getConfiguration().isTlsAllowInsecureConnection());
                     if 
(this.getConfiguration().isBrokerClientTlsEnabledWithKeyStore()) {
                         conf.setUseKeyStoreTls(true);
                         
conf.setTlsTrustStoreType(this.getConfiguration().getBrokerClientTlsTrustStoreType());

Reply via email to