adutra commented on PR #15500: URL: https://github.com/apache/iceberg/pull/15500#issuecomment-3997401526
> Alex, why would we allow such a verification to be bypassed, do you have some real world use case for this ? You could find yourself in the situation where the catalog server has TLS enabled, and its certificate shows a SAN of e.g. `catalog.bigcorp.com`; but if the client/engine is in the same cluster/network, it could actually be contacting the catalog through its internal IP instead, e.g. `https://1.2.3.4:8181/api/catalog`. In that case, the hostname verification will fail. (Please note: I mentioned `NoopHostnameVerifier` just as an example of possible usage of `HostnameVerificationPolicy`.) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
