What does "hostname validation" mean in this context? If it means checking CN/altNames, then it should be true by default, since otherwise it's a trap waiting to be sprung on people.
(Once you turn on `druid.server.https.requireClientCertificate`, we should be secure as possible by default, and you should have to explicitly set options to be less secure.) [ Full content available at: https://github.com/apache/incubator-druid/pull/6076 ] This message was relayed via gitbox.apache.org for [email protected]
