mateczagany opened a new pull request, #27457: URL: https://github.com/apache/flink/pull/27457
## What is the purpose of the change As described in this [ML thread](https://lists.apache.org/thread/4z3gpm4hg82m5vz2330zv9b93q9hcr2d), the SSL endpoint verification configuration is not working as expected. This was mitigated in #27407 but the change in that PR enables endpoint verification for internal communication as well. This PR will address that according to the ML thread, and only REST client will use hostname verification using the new configuration. ## Brief change log - Remove configuration `security.ssl.verify-hostname` which is not used in any recent released Flink version - Add `security.ssl.rest.verify-hostname` which will only add hostname verification for REST connections - Add test cases ## Verifying this change - By adding new tests with the already existing certificates found in the test suite ## Does this pull request potentially affect one of the following parts: - Dependencies (does it add or upgrade a dependency): no - The public API, i.e., is any changed class annotated with `@Public(Evolving)`: no - The serializers: no - The runtime per-record code paths (performance sensitive): no - Anything that affects deployment or recovery: JobManager (and its components), Checkpointing, Kubernetes/Yarn, ZooKeeper: no - The S3 file system connector: no ## Documentation - Does this pull request introduce a new feature? yes - If yes, how is the feature documented? Updated documentation -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
