Claus Ibsen created CAMEL-24056:
-----------------------------------

             Summary: camel-kafka - Mark sslEndpointAlgorithm as 
security=insecure:ssl
                 Key: CAMEL-24056
                 URL: https://issues.apache.org/jira/browse/CAMEL-24056
             Project: Camel
          Issue Type: Improvement
          Components: camel-kafka
            Reporter: Claus Ibsen


The {{sslEndpointAlgorithm}} option in {{KafkaConfiguration}} allows disabling 
TLS hostname verification by setting it to an empty value or {{none}}. However, 
it is not annotated with {{security = "insecure:ssl"}}, so Camel's security 
policy framework cannot identify it as an option that weakens SSL verification.

The {{camel-openai}} component already has this annotation (added in 
CAMEL-23970). The same annotation should be added to {{camel-kafka}} for 
consistency.

File: 
{{components/camel-kafka/src/main/java/org/apache/camel/component/kafka/KafkaConfiguration.java}}

Change:
{code:java}
// Current:
@UriParam(label = "common,security", defaultValue = "https")
private String sslEndpointAlgorithm = 
SslConfigs.DEFAULT_SSL_ENDPOINT_IDENTIFICATION_ALGORITHM;

// Should be:
@UriParam(label = "common,security", defaultValue = "https", security = 
"insecure:ssl")
private String sslEndpointAlgorithm = 
SslConfigs.DEFAULT_SSL_ENDPOINT_IDENTIFICATION_ALGORITHM;
{code}

After annotation change, regenerate catalog and SecurityUtils.java.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to