ethaden commented on code in PR #14130:
URL: https://github.com/apache/kafka/pull/14130#discussion_r1299353258
##########
clients/src/main/java/org/apache/kafka/common/security/ssl/DefaultSslEngineFactory.java:
##########
@@ -255,7 +271,7 @@ private SSLContext createSSLContext(SecurityStore keystore,
SecurityStore trusts
}
String tmfAlgorithm = this.tmfAlgorithm != null ?
this.tmfAlgorithm : TrustManagerFactory.getDefaultAlgorithm();
- TrustManagerFactory tmf =
TrustManagerFactory.getInstance(tmfAlgorithm);
+ CommonNameLoggingTrustManagerFactoryWrapper tmf =
CommonNameLoggingTrustManagerFactoryWrapper.getInstance(tmfAlgorithm);
Review Comment:
@rajinisivaram: I followed your advise, added a new SSL factory
implementation and removed my changes to the default SSL factory. The updated
code can now be enabled by setting
"ssl.engine.factory.class=org.apache.kafka.common.security.ssl.CommonNameLoggingSslEngineFactory"
in the config file. However, as the default factory is "final" and hides a lot
of its internal implementation details, there is some redundant code which can
hardly be avoided without changing the default factory (e.g. removing "final",
making some methods protected to allow inheritance, or adding some
setters/getters to make it possible to delegate from the new implementation to
the default one).
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: jira-unsubscr...@kafka.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
