JozsefKuti commented on code in PR #28532:
URL: https://github.com/apache/flink/pull/28532#discussion_r3479656474
##########
flink-runtime/src/main/java/org/apache/flink/runtime/net/SSLUtils.java:
##########
@@ -437,18 +444,15 @@ public static SslContext createRestNettySSLContext(
if (clientMode || clientAuth != ClientAuth.NONE) {
Optional<TrustManagerFactory> tmf = getTrustManagerFactory(config,
false);
- tmf.map(
- // Use specific ciphers and protocols if SSL is configured
with self-signed
- // certificates (user-supplied truststore)
- tm ->
- sslContextBuilder
- .trustManager(tm)
- .protocols(sslProtocols)
- .ciphers(ciphers)
- .clientAuth(clientAuth));
- }
-
- return sslContextBuilder.sslProvider(provider).build();
+ tmf.ifPresent(sslContextBuilder::trustManager);
+ }
+
+ return sslContextBuilder
+ .sslProvider(provider)
+ .protocols(sslProtocols)
+ .ciphers(ciphers)
+ .clientAuth(clientAuth)
Review Comment:
Move `.clientAuth(clientAuth) `a few lines before where clientAuth is
enabled - since it is set even for service side as well at the moment.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
