KAFKA-3665: Enable TLS hostname verification by default (KIP-294)#4956
Merged
ijuma merged 2 commits intoapache:trunkfrom Jun 5, 2018
Merged
KAFKA-3665: Enable TLS hostname verification by default (KIP-294)#4956ijuma merged 2 commits intoapache:trunkfrom
ijuma merged 2 commits intoapache:trunkfrom
Conversation
Contributor
Author
|
Successful system test run here: https://jenkins.confluent.io/job/system-test-kafka-branch-builder/1744/ Will submit a KIP for this change since it impacts compatibility. |
rajinisivaram
force-pushed
the
KAFKA-3665-ssl-https
branch
2 times, most recently
from
10efae5 to
5e850ca
Compare
ijuma
reviewed
May 21, 2018
Member
ijuma
left a comment
ijuma
left a comment
There was a problem hiding this comment.
Thanks for the PR, just a few minor comments. Looks good otherwise.
Contributor
Author
There was a problem hiding this comment.
That was a typo in the code, SASL_PLAINTEXT is tested a few lines above this.
Member
There was a problem hiding this comment.
What happens if the value is set to null instead of empty string?
Contributor
Author
There was a problem hiding this comment.
Empty string and null are handled in the same way, updated test to verify that as well.
Member
There was a problem hiding this comment.
Can we add a comment explaining why the -1 is needed here?
Member
|
@rajinisivaram Let's try to merge this by tomorrow since it's so close. Needs a rebase and minor updates only. |
rajinisivaram
force-pushed
the
KAFKA-3665-ssl-https
branch
from
5e850ca to
6f31d21
Compare
Contributor
Author
|
@ijuma Thanks for the review. I have made the updates and rebased. |
Member
|
Will merge once the build passes (if you don't beat me to it). |
ijuma
changed the title
ijuma
added a commit
to edoardocomar/kafka
that referenced
this pull request
Jun 6, 2018
…grained-acl-create-topics * apache-github/trunk: KAFKA-5588: Remove deprecated --new-consumer tools option (apache#5097) MINOR: Fix for the location of the trogdor.sh executable file in the documentation. (apache#5040) KAFKA-6997: Exclude test-sources.jar when $INCLUDE_TEST_JARS is FALSE MINOR: docs should point to latest version (apache#5132) KAFKA-6981: Move the error handling configuration properties into the ConnectorConfig and SinkConnectorConfig classes (KIP-298) [KAFKA-6730] Simplify State Store Recovery (apache#5013) MINOR: Rename package `internal` to `internals` for consistency (apache#5137) KAFKA-6704: InvalidStateStoreException from IQ when StreamThread closes store (apache#4801) MINOR: Add missing configs for resilience settings MINOR: Add regression tests for KTable mapValues and filter (apache#5134) KAFKA-6750: Add listener name to authentication context (KIP-282) (apache#4829) KAFKA-3665: Enable TLS hostname verification by default (KIP-294) (apache#4956) KAFKA-6938: Add documentation for accessing Headers on Kafka Streams Processor API (apache#5128) KAFKA-6813: return to double-counting for count topology names (apache#5075) KAFKA-5919; Adding checks on "version" field for tools using it MINOR: Remove deprecated KafkaStreams constructors in docs (apache#5118)
ijuma
added a commit
to big-andy-coates/kafka
that referenced
this pull request
Jun 6, 2018
…refix * apache-github/trunk: KAFKA-6726: Fine Grained ACL for CreateTopics (KIP-277) (apache#4795) KAFKA-5588: Remove deprecated --new-consumer tools option (apache#5097) MINOR: Fix for the location of the trogdor.sh executable file in the documentation. (apache#5040) KAFKA-6997: Exclude test-sources.jar when $INCLUDE_TEST_JARS is FALSE MINOR: docs should point to latest version (apache#5132) KAFKA-6981: Move the error handling configuration properties into the ConnectorConfig and SinkConnectorConfig classes (KIP-298) [KAFKA-6730] Simplify State Store Recovery (apache#5013) MINOR: Rename package `internal` to `internals` for consistency (apache#5137) KAFKA-6704: InvalidStateStoreException from IQ when StreamThread closes store (apache#4801) MINOR: Add missing configs for resilience settings MINOR: Add regression tests for KTable mapValues and filter (apache#5134) KAFKA-6750: Add listener name to authentication context (KIP-282) (apache#4829) KAFKA-3665: Enable TLS hostname verification by default (KIP-294) (apache#4956) KAFKA-6938: Add documentation for accessing Headers on Kafka Streams Processor API (apache#5128) KAFKA-6813: return to double-counting for count topology names (apache#5075) KAFKA-5919; Adding checks on "version" field for tools using it MINOR: Remove deprecated KafkaStreams constructors in docs (apache#5118)
ying-zheng
pushed a commit
to ying-zheng/kafka
that referenced
this pull request
Jul 6, 2018
…ache#4956) Make HTTPS the default ssl.endpoint.identification.algorithm. Reviewers: Ismael Juma <ismael@juma.me.uk>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Make HTTPS the default ssl.endpoint.identification.algorithm
Committer Checklist (excluded from commit message)