omkreddy commented on code in PR #14130:
URL: https://github.com/apache/kafka/pull/14130#discussion_r1285082984
##########
clients/src/main/java/org/apache/kafka/common/security/ssl/DefaultSslEngineFactory.java:
##########
@@ -255,7 +271,7 @@ private SSLContext createSSLContext(SecurityStore keystore,
SecurityStore trusts
}
String tmfAlgorithm = this.tmfAlgorithm != null ?
this.tmfAlgorithm : TrustManagerFactory.getDefaultAlgorithm();
- TrustManagerFactory tmf =
TrustManagerFactory.getInstance(tmfAlgorithm);
+ CommonNameLoggingTrustManagerFactoryWrapper tmf =
CommonNameLoggingTrustManagerFactoryWrapper.getInstance(tmfAlgorithm);
Review Comment:
My main concern is related to possible performance impact of the additional
processing. We often see that faulty clients bombarding the brokers with
handshake requests with expired certificates. This can impact broker
performance. So I was thinking of adding a flag to enable/disable. Lets see
what others thinking
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
