mateczagany commented on code in PR #27407:
URL: https://github.com/apache/flink/pull/27407#discussion_r2689020818


##########
flink-core/src/main/java/org/apache/flink/configuration/SecurityOptions.java:
##########
@@ -519,7 +519,7 @@ public static Configuration forProvider(Configuration 
configuration, String prov
     public static final ConfigOption<Boolean> SSL_VERIFY_HOSTNAME =
             key("security.ssl.verify-hostname")
                     .booleanType()
-                    .defaultValue(true)
+                    .defaultValue(false)
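
Review bot: A `false` default on `security.ssl.verify-hostname` needs to be documented where it is declared; at the `.defaultValue(false)` line the hunk shows no matching change to the option's description or any upgrade note. With this default, any deployment that enables SSL without setting the key explicitly will not check the peer certificate against the hostname it connects to, so any certificate the truststore accepts will pass. If the goal is only to avoid surprises on upgrade, consider keeping `.defaultValue(true)` and describing the opt-out in the release notes. If `false` stays, say in the option description that it is a compatibility default and that `true` is the recommended setting.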

Review Comment:
   I should have added more information in the description of the PR, so I'll 
try to explain my motivation here:
   
   This configuration was not used before anywhere for a long time, and Flink 
only relied on the default behavior of Netty. This default behavior in 4.1.x 
was to not verify the hostnames. Since 4.2.x, as in the
   [migration guide](https://github.com/netty/netty/wiki/Netty-4.2-Migration-Guide#compatibility-highlights),
   Netty now enables hostname verification by default.
   
   So I think this is the best way to ensure that there are no surprises for 
people that upgrade.
   
   But I will create another PR for the Netty changes as you've advised, and we 
can discuss it further there.


