ivankelly commented on a change in pull request #6128: Fix broker client tls
settings error
URL: https://github.com/apache/pulsar/pull/6128#discussion_r373440610
##########
File path:
pulsar-broker/src/main/java/org/apache/pulsar/broker/PulsarService.java
##########
@@ -873,12 +873,16 @@ public synchronized PulsarClient getClient() throws
PulsarServerException {
ClientBuilder builder = PulsarClient.builder()
.serviceUrl(this.getConfiguration().isTlsEnabled()
? this.brokerServiceUrlTls :
this.brokerServiceUrl)
- .enableTls(this.getConfiguration().isTlsEnabled())
-
.allowTlsInsecureConnection(this.getConfiguration().isTlsAllowInsecureConnection())
-
.tlsTrustCertsFilePath(this.getConfiguration().getTlsCertificateFilePath());
+ .enableTls(this.getConfiguration().isTlsEnabled());
+
+ if (this.getConfiguration().isBrokerClientTlsEnabled()) {
+
builder.allowTlsInsecureConnection(this.getConfiguration().isTlsAllowInsecureConnection());
+
builder.tlsTrustCertsFilePath(this.getConfiguration().getBrokerClientTrustCertsFilePath());
Review comment:
Providing the ability to have different values is good. However, current
behaviour is that just setting tlsCertificateFilePath is enough for both. This
change _requires_ that both values are set, which breaks people using the
current behaviour. The correct fix here is to use
brokerClientTrustCertsFilePath it is non-empty, otherwise use
tlsCertificateFilePath.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
With regards,
Apache Git Services
