TLS Hostname verification undefined for C++/python client #2793
Assignees
Comments
|
I'm currently adding documentation to security-tls-transport.md for hostname verification, and am stating that it doesn't work for C++. Please update the docs when this is fixed. |
ivankelly
added
type/bug
|
hostname verification has been added by #1215 |
|
@sijie that change only added the implementation. documentation needs to be updated too. |
sijie
added
the
doc
|
@jennifer88huang this requires documentation updates. |
|
Got it. |
|
hostname verification has been added in C++ in #2475 |
|
@ivankelly , the doc is updated, could you please help review it? here is the PR link: #7162, Thanks. |
This was referenced Jun 5, 2020
sijie
pushed a commit
that referenced
this issue
Jun 8, 2020
…n clients (#7182) Fixes #2793 ### Motivation Based on description in issue #2793, code example of host verification for C++ and Python clients are not correct. Therefore, update the security-tls-transport.md doc. Doc for master has been updated and merged. This PR is for updating docs for previous releases. ### Modifications 1: update the TLS hostname verification code example for C++ and Python clients. 2: fix link errors. 3: re-arrange doc heading levels. 4: update the docs for the following releases: 2.5.2---2.2.0
cdbartholomew
pushed a commit
to kafkaesque-io/pulsar
that referenced
this issue
Jul 24, 2020
…n clients (apache#7182) Fixes apache#2793 ### Motivation Based on description in issue apache#2793, code example of host verification for C++ and Python clients are not correct. Therefore, update the security-tls-transport.md doc. Doc for master has been updated and merged. This PR is for updating docs for previous releases. ### Modifications 1: update the TLS hostname verification code example for C++ and Python clients. 2: fix link errors. 3: re-arrange doc heading levels. 4: update the docs for the following releases: 2.5.2---2.2.0
huangdx0726
pushed a commit
to huangdx0726/pulsar
that referenced
this issue
Aug 24, 2020
…n clients (apache#7182) Fixes apache#2793 ### Motivation Based on description in issue apache#2793, code example of host verification for C++ and Python clients are not correct. Therefore, update the security-tls-transport.md doc. Doc for master has been updated and merged. This PR is for updating docs for previous releases. ### Modifications 1: update the TLS hostname verification code example for C++ and Python clients. 2: fix link errors. 3: re-arrange doc heading levels. 4: update the docs for the following releases: 2.5.2---2.2.0
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I've not tested with code, but it looks like TLS hostname verification is a mess for the C++ client (and python by extension).
For binary connections, no hostname verification takes place as far as I can see. For http connections (for lookups) it takes place every time.
I suspect this made it through testing since the tls certs used to test C++ use localhost as the common name. We should expose the ability to add the host verification in the configuration.
The text was updated successfully, but these errors were encountered: