stevenzwu commented on PR #15500: URL: https://github.com/apache/iceberg/pull/15500#issuecomment-4099340861
> > I am wondering about the default value of HostnameVerificationPolicy.CLIENT. > > `BOTH` is safer, but also introduces a behavioral change compared to 1.10. Are we OK with that? Can you send an email to dev@ to get broader feedback? It might be ok introduce a slight behavior change. Most production use cases probably should use DNS anyway. For IP address usage, users can add the IP address to the cert SAN. This is the only question I have for this PR. Exposing `hostnameVerificationPolicy` in the TLS configurer makes sense. Unit test can configure it to noop to use the loopback address. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
