This is an automated email from the ASF dual-hosted git repository.
technoboy pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/pulsar.git
The following commit(s) were added to refs/heads/master by this push:
new e820f90c925 [improve][sec] Align the default mechanism for server to
request certificates (#21625)
e820f90c925 is described below
commit e820f90c925efdcab781771e485c5370a0f2fd4f
Author: Qiang Zhao <[email protected]>
AuthorDate: Wed Nov 29 09:25:49 2023 +0800
[improve][sec] Align the default mechanism for server to request
certificates (#21625)
---
.../java/org/apache/pulsar/security/tls/MockedPulsarStandalone.java | 1 -
.../apache/pulsar/common/util/keystoretls/KeyStoreSSLContext.java | 6 +++++-
2 files changed, 5 insertions(+), 2 deletions(-)
diff --git
a/pulsar-broker/src/test/java/org/apache/pulsar/security/tls/MockedPulsarStandalone.java
b/pulsar-broker/src/test/java/org/apache/pulsar/security/tls/MockedPulsarStandalone.java
index 91c2f784cd7..1a7e806f0e6 100644
---
a/pulsar-broker/src/test/java/org/apache/pulsar/security/tls/MockedPulsarStandalone.java
+++
b/pulsar-broker/src/test/java/org/apache/pulsar/security/tls/MockedPulsarStandalone.java
@@ -87,7 +87,6 @@ public abstract class MockedPulsarStandalone implements
AutoCloseable {
serviceConfiguration.setTlsKeyStorePassword(TLS_EC_KS_SERVER_PASS);
serviceConfiguration.setTlsTrustStore(TLS_EC_KS_TRUSTED_STORE);
serviceConfiguration.setTlsTrustStorePassword(TLS_EC_KS_TRUSTED_STORE_PASS);
- serviceConfiguration.setTlsRequireTrustedClientCertOnConnect(true);
serviceConfiguration.setBrokerClientTlsEnabled(true);
serviceConfiguration.setBrokerClientTlsEnabledWithKeyStore(true);
serviceConfiguration.setBrokerClientTlsKeyStore(TLS_EC_KS_BROKER_CLIENT_STORE);
diff --git
a/pulsar-common/src/main/java/org/apache/pulsar/common/util/keystoretls/KeyStoreSSLContext.java
b/pulsar-common/src/main/java/org/apache/pulsar/common/util/keystoretls/KeyStoreSSLContext.java
index c717127d085..a70857bdf3b 100644
---
a/pulsar-common/src/main/java/org/apache/pulsar/common/util/keystoretls/KeyStoreSSLContext.java
+++
b/pulsar-common/src/main/java/org/apache/pulsar/common/util/keystoretls/KeyStoreSSLContext.java
@@ -201,7 +201,11 @@ public class KeyStoreSSLContext {
}
if (this.mode == Mode.SERVER) {
- sslEngine.setNeedClientAuth(this.needClientAuth);
+ if (needClientAuth) {
+ sslEngine.setNeedClientAuth(true);
+ } else {
+ sslEngine.setWantClientAuth(true);
+ }
sslEngine.setUseClientMode(false);
} else {
sslEngine.setUseClientMode(true);
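Review bot: The new `else` branch calls `sslEngine.setWantClientAuth(true)` without a comment, so it is not obvious that a server with `needClientAuth == false` now requests a client certificate on every handshake while still accepting clients that send none. I would add `// Request, but do not require, a client certificate; the handshake still succeeds when the client sends none.` above that call. Code that reads the peer certificate after the handshake must treat it as optional on this path, because `SSLSession.getPeerCertificates()` throws `SSLPeerUnverifiedException` when none was sent; those callers are outside this hunk and should be checked. A client that does present a certificate the broker's trust manager rejects will presumably now fail the handshake where it previously connected without being asked, which seems worth a test and a release note. The enclosing method starts and ends outside the hunk, so how `needClientAuth` is populated is not visible here.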