mateczagany commented on code in PR #27368:
URL: https://github.com/apache/flink/pull/27368#discussion_r2657026075
##########
flink-core/src/main/java/org/apache/flink/configuration/SecurityOptions.java:
##########
@@ -519,7 +519,7 @@ public static Configuration forProvider(Configuration
configuration, String prov
public static final ConfigOption<Boolean> SSL_VERIFY_HOSTNAME =
key("security.ssl.verify-hostname")
.booleanType()
- .defaultValue(true)
+ .defaultValue(false)
Review Comment:
This configuration was not used before for a long time, I believe since this
commit:
https://github.com/apache/flink/commit/30c4bc847ade8cf0ae5c3ef6a6f8debdf72ddd61#diff-659981ee1b5263cef2478bd413c1e4b5122c9a636ef76bc0d4aafc9633274644
Before this upgrade, Netty disabled hostname verification by default, but
since 4.2.x, it's enabled by default, according to the [official migration
guide](https://github.com/netty/netty/wiki/Netty-4.2-Migration-Guide#compatibility-highlights).
I've added the necessary code in `SSLUtils` to check for this config option
when setting up `SSLContext`, but I felt like it's a good idea to disable
hostname verification by default with this change, as that was the behavior
before this PR as well.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
