pan3793 commented on code in PR #55308:
URL: https://github.com/apache/spark/pull/55308#discussion_r3261074030
##########
sql/catalyst/src/main/scala/org/apache/spark/sql/internal/StaticSQLConf.scala:
##########
@@ -122,6 +122,17 @@ object StaticSQLConf {
.booleanConf
.createWithDefault(false)
+ val HIVE_THRIFT_SERVER_HTTP_SNI_HOST_CHECK_ENABLED =
+ buildStaticConf("spark.sql.hive.thriftServer.http.sniHostCheckEnabled")
+ .internal()
+ .doc("Whether to enable Jetty's SNI host check on the
ThriftHttpCLIService HTTPS " +
+ "connector. Spark has disabled SNI host check to preserve backward
compatibility. " +
+ "Set to true to enforce SNI host checking for " +
+ "stricter security.")
+ .version("4.3.0")
+ .booleanConf
+ .createWithDefault(false)
Review Comment:
Seems you AI agent just ignores the code suggestion, I mean only remove the
`See SPARK-54293.`
I re-loop the PR description, it seems it actually breaks again:
1. prior to SPARK-45522 (sni host check is disabled)
2. SPARK-45522 (sni host check is enabled, silent breaking change without
mention in the migration guide, nor config)
3. this PR should keep the SPARK-45522 behavior by default to avoid another
breaking change, so set the default value to true
```suggestion
.doc("Whether to enable Jetty's SNI host check on the
ThriftHttpCLIService HTTPS " +
"connector. Set to false to restore the behavior prior to
SPARK-45522 (Jetty 10+).")
.version("4.3.0")
.booleanConf
.createWithDefault(true)
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
