zzzming commented on a change in pull request #238:
URL: https://github.com/apache/pulsar-client-go/pull/238#discussion_r430440967
##########
File path: pulsar/internal/connection.go
##########
@@ -713,6 +713,41 @@ func (c *connection) getTLSConfig() (*tls.Config, error) {
if c.tlsOptions.ValidateHostname {
tlsConfig.ServerName = c.physicalAddr.Hostname()
Review comment:
@EronWright you are right that ServerName should be set as suggested by
https://github.com/golang/go/blob/62a3f2e27c7732656bb3ae8f14047b74a9956e77/src/crypto/tls/common.go#L542
I think the problem is the default value of TLSValidateHostname is `false`.
It should have been called `DisabledTLSValidateHostname`. Do you have any
suggestion how to handle backward compatibility of TLSValidateHostname?
I made an update to add ServerName but only skip verification if
InsecureSkipVerify is true.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
