massakam opened a new pull request, #467: URL: https://github.com/apache/pulsar-client-cpp/pull/467
### Motivation The C++ client has the same mTLS authentication issue as https://github.com/apache/pulsar/pull/23644. That is, if a client's certificate is not directly signed by a root CA, but is signed by an intermediate CA, mTLS authentication will fail. ### Modifications - When loading a client cert, use [ssl::context::use_certificate_chain_file](https://www.boost.org/doc/libs/1_87_0/doc/html/boost_asio/reference/ssl__context/use_certificate_chain_file.html) instead of [ssl::context::use_certificate_file](https://www.boost.org/doc/libs/1_87_0/doc/html/boost_asio/reference/ssl__context/use_certificate_file.html). - Added a test to check whether a PEM file containing a client cert and intermediate CA cert can be loaded and successfully connected to a broker. When issuing the intermediate CA cert, I did not know the private key of the root CA, so I reissued the root CA cert. ### Verifying this change - [ ] Make sure that the change passes the CI checks. ### Documentation <!-- DO NOT REMOVE THIS SECTION. CHECK THE PROPER BOX ONLY. --> - [ ] `doc-not-needed` -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
