janhoy commented on PR #2099: URL: https://github.com/apache/solr/pull/2099#issuecomment-1847522543
Yes, disabling the name check will of course work for the localhost case. Normally the plugin will always connect to an external IDP to fetch JWKs or well-known, and then it will enable validation of cert CN. A pity we won't be able to test that here, but it is far better with a working test that tests everything else, than having full coverage. Not sure of the consequences of exempting canonicalHostName and not hostName. Perhaps safest to check both? Wrt simplifying the generation, we can leave that as a follow up, perhaps there is a need for a PR upstream first. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
