ivankelly commented on a change in pull request #6128: Fix broker client tls
settings error
URL: https://github.com/apache/pulsar/pull/6128#discussion_r370661844
##########
File path:
pulsar-broker/src/main/java/org/apache/pulsar/broker/PulsarService.java
##########
@@ -873,12 +873,16 @@ public synchronized PulsarClient getClient() throws
PulsarServerException {
ClientBuilder builder = PulsarClient.builder()
.serviceUrl(this.getConfiguration().isTlsEnabled()
? this.brokerServiceUrlTls :
this.brokerServiceUrl)
- .enableTls(this.getConfiguration().isTlsEnabled())
-
.allowTlsInsecureConnection(this.getConfiguration().isTlsAllowInsecureConnection())
-
.tlsTrustCertsFilePath(this.getConfiguration().getTlsCertificateFilePath());
+ .enableTls(this.getConfiguration().isTlsEnabled());
+
+ if (this.getConfiguration().isBrokerClientTlsEnabled()) {
+
builder.allowTlsInsecureConnection(this.getConfiguration().isTlsAllowInsecureConnection());
+
builder.tlsTrustCertsFilePath(this.getConfiguration().getBrokerClientTrustCertsFilePath());
Review comment:
yes, I get that. I'm just wondering what sort of set up requires a different
CA cert for broker client and for the server. The broker client is going to
connect to other brokers in the same cluster, which will have the same CA.
My concern here is that people will have configured with only the tls
certificate path, and not the broker client tls cert path. This change will
break their configuration. Given than both paths are likely to be the same, if
broker client tls cert path is empty, it should fall back to tls certificate
path.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
With regards,
Apache Git Services
