[Issue 2793][Doc]--Update the TLS hostname verification for CPP and P…

…ython clients (#7162) Main updates: 1: update the TLS hostname verification code example for C++ and Python clients. 2: fix link errors. 3: arrange doc heading levels.
apache · Jun 5, 2020 · 5070b14 · 5070b14
1 parent 0d59487
commit 5070b14
Showing 1 changed file with 14 additions and 13 deletions.
diff --git a/site2/docs/security-tls-transport.md b/site2/docs/security-tls-transport.md
@@ -168,7 +168,7 @@ When you enable the TLS transport encryption, you need to configure the client t
 
 As the server certificate that you generated above does not belong to any of the default trust chains, you also need to either specify the path the **trust cert** (recommended), or tell the client to allow untrusted server certs.
 
-#### Hostname verification
+### Hostname verification
 
 Hostname verification is a TLS security feature whereby a client can refuse to connect to a server if the "CommonName" does not match the hostname to which the hostname is connecting. By default, Pulsar clients disable hostname verification, as it requires that each broker has a DNS record and a unique cert.
 
@@ -180,7 +180,7 @@ The examples below show hostname verification being disabled for the Java client
 
 ### CLI tools
 
-[Command-line tools](reference-cli-tools.md) like [`pulsar-admin`](reference-cli-tools#pulsar-admin), [`pulsar-perf`](reference-cli-tools#pulsar-perf), and [`pulsar-client`](reference-cli-tools#pulsar-client) use the `conf/client.conf` config file in a Pulsar installation.
+[Command-line tools](reference-cli-tools.md) like [`pulsar-admin`](reference-cli-tools.md#pulsar-admin), [`pulsar-perf`](reference-cli-tools.md#pulsar-perf), and [`pulsar-client`](reference-cli-tools.md#pulsar-client) use the `conf/client.conf` config file in a Pulsar installation.
 
 You need to add the following parameters to that file to use TLS transport with the CLI tools of Pulsar:
 
@@ -193,7 +193,7 @@ tlsTrustCertsFilePath=/path/to/ca.cert.pem
 tlsEnableHostnameVerification=false
 ```
 
-### Java client
+#### Java client
 
 ```java
 import org.apache.pulsar.client.api.PulsarClient;
@@ -207,30 +207,31 @@ PulsarClient client = PulsarClient.builder()
     .build();
 ```
 
-### Python client
+#### Python client
 
 ```python
 from pulsar import Client
 
 client = Client("pulsar+ssl://broker.example.com:6651/",
+                tls_hostname_verification=True,
                 tls_trust_certs_file_path="/path/to/ca.cert.pem",
                 tls_allow_insecure_connection=False) // defaults to false from v2.2.0 onwards
 ```
 
-### C++ client
+#### C++ client
 
 ```c++
 #include <pulsar/Client.h>
 
-pulsar::ClientConfiguration config;
-config.setUseTls(true);
-config.setTlsTrustCertsFilePath("/path/to/ca.cert.pem");
-config.setTlsAllowInsecureConnection(false); // defaults to false from v2.2.0 onwards
-
-pulsar::Client client("pulsar+ssl://broker.example.com:6651/", config);
+ClientConfiguration config = ClientConfiguration();
+config.setUseTls(true);  // shouldn't be needed soon
+config.setTlsTrustCertsFilePath(caPath);
+config.setTlsAllowInsecureConnection(false);
+config.setAuth(pulsar::AuthTls::create(clientPublicKeyPath, clientPrivateKeyPath));
+config.setValidateHostName(true);
 ```
 
-### Node.js client
+#### Node.js client
 
 ```JavaScript
 const Pulsar = require('pulsar-client');
@@ -243,7 +244,7 @@ const Pulsar = require('pulsar-client');
 })();
 ```
 
-### C# client
+#### C# client
 
 ```c#
 var certificate = new X509Certificate2("ca.cert.pem");