michaeljmarshall commented on PR #19594: URL: https://github.com/apache/pulsar/pull/19594#issuecomment-1447170779
In talking with @lhotari offline, this PR's motivation might not have been clearly explained. Here is my justification: The tests that I updated to use the certs without subject alternative names are tests that ensure the client does not connect to a proxy/broker when the cert fails hostname verification. When `localhost` and `127.0.0.1` were added as subject alternative names, these tests failed on personal machines (meaning connections were made), but appear to have passed (most of the time) on the CI machines (meaning connections were closed). In the local environment, the tests failed because the certs correctly had a hostname that matched the SAN. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
