rohangoli commented on code in PR #2805:
URL: https://github.com/apache/polaris/pull/2805#discussion_r2637381111
##########
runtime/service/src/main/java/org/apache/polaris/service/config/ServiceProducers.java:
##########
@@ -230,6 +234,50 @@ public SdkHttpClient sdkHttpClient(S3AccessConfig config) {
return httpClient.build();
}
+ /**
+ * Producer that creates an insecure SDK HTTP client (trusts all certs).
This allows other
+ * components to explicitly request the insecure client instance when wiring
clients that need to
+ * ignore TLS verification (for development/test setups only).
+ */
+ @Produces
+ @Singleton
+ @Identifier("aws-sdk-http-client-insecure")
+ public SdkHttpClient insecureSdkHttpClient(S3AccessConfig config) {
+ return createInsecureHttpClient(config);
+ }
+
+ /**
+ * Creates an HTTP client that bypasses SSL certificate verification.
WARNING: This should only be
+ * used for development and testing environments.
+ */
+ public SdkHttpClient createInsecureHttpClient(S3AccessConfig config) {
+ try {
+ SSLContext sslContext =
Review Comment:
Apache Iceberg's S3FileIO doesn't respect the TRUST_ALL_CERTIFICATES setting
we configure in Polaris's ServiceProducers. It creates its own AWS SDK clients
independently.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
