This is an automated email from the ASF dual-hosted git repository.
sijie pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/incubator-pulsar.git
The following commit(s) were added to refs/heads/master by this push:
new 4e217dd C++ should default not allow insecure connections with TLS
(#2229)
4e217dd is described below
commit 4e217dde805014da49ba147889e1e7ee224f7dd0
Author: Ivan Kelly <[email protected]>
AuthorDate: Wed Jul 25 20:40:34 2018 +0100
C++ should default not allow insecure connections with TLS (#2229)
If tlsAllowInsecureConnection is true, then the client doesn't
validate the server's TLS cert, allowing for MITM attacks. This
shouldn't be the default option.
---
pulsar-client-cpp/lib/ClientConfigurationImpl.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pulsar-client-cpp/lib/ClientConfigurationImpl.h
b/pulsar-client-cpp/lib/ClientConfigurationImpl.h
index 7160a65..cb23a14 100644
--- a/pulsar-client-cpp/lib/ClientConfigurationImpl.h
+++ b/pulsar-client-cpp/lib/ClientConfigurationImpl.h
@@ -44,7 +44,7 @@ struct ClientConfigurationImpl {
concurrentLookupRequest(50000),
logConfFilePath(),
useTls(false),
- tlsAllowInsecureConnection(true),
+ tlsAllowInsecureConnection(false),
statsIntervalInSeconds(600), // 10 minutes
loggerFactory() {}
};
