nodece commented on issue #22125: URL: https://github.com/apache/pulsar/issues/22125#issuecomment-1993919553
I think there are two things here: 1. The Pulsar broker/client support reloads the TLS certificate and key when running. This feature is supported. 2. What happens when the certificate expires. The connection didn't disconnect. This is a bug, we need to add a certificate monitor to check if the certificate expires. @damienburke's PR: https://github.com/apache/pulsar/compare/master...damienburke:pulsar:master This is a way to check if the certificate expires, which is not optimal, we also have TLS encrypted transport, not auth. I think we should check each TLS connection, once the certificate expires we need to disconnect the client. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
