This repository has been archived by the owner on Apr 1, 2024. It is now read-only.

ISSUE-16416: The pulsar-admin doesn't set SNI properly when tlsEnableHostnameVerification is false #4481

Open
sijie opened this issue Jul 6, 2022 · 0 comments

Comments

@sijie
Member

sijie commented Jul 6, 2022

Original Issue: apache#16416


Describe the bug
The async-http-client used in pulsar-admin doesn't set SNI properly when tlsEnableHostnameVerification is false, see https://github.com/AsyncHttpClient/async-http-client/blob/master/client/src/main/java/org/asynchttpclient/netty/ssl/DefaultSslEngineFactory.java#L65. This will fail https requests that rely on SNI routing, like a pulsar cluster deployed behind an istio gateway.

The behavior was introduced in the PR apache#15824 since the async-http-client doesn't split the flag for SNI header and hostname verification. @michaeljmarshall

To Reproduce

Set tlsEnableHostnameVerification to false in the client.conf, and use pulsar-admin to operate a pulsar cluster behind the istio gateway.

Expected behavior

The pulsar-admin should set the SNI header properly.

Screenshots
N/A

Desktop (please complete the following information):

  • OS: MAC OS X

Additional context

@sijie sijie added the type/bug label Jul 6, 2022
@sijie sijie added the Stale label Aug 17, 2022
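The distinction the report draws between sending SNI and verifying the hostname, shown with plain JSSE as an added example; this is not code from the issue, from Pulsar or from async-http-client. The hostname, port and class name are constructed, and the check assumes the ClientHello carries the server name in clear text, so a substring match on the generated bytes is enough.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.util.Collections;
import javax.net.ssl.SNIHostName;
import javax.net.ssl.SNIServerName;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;

public class SniVersusHostnameVerification {
    // Constructed name standing in for the host an SNI-routing gateway matches on.
    static final String HOST = "pulsar.example.test";

    // Generate the ClientHello in memory (no network) and report whether HOST is in it.
    // The server_name extension is the only place the name can appear, in clear text.
    static boolean clientHelloCarriesHost(SSLEngine engine) throws Exception {
        engine.beginHandshake();
        ByteBuffer out = ByteBuffer.allocate(engine.getSession().getPacketBufferSize());
        engine.wrap(ByteBuffer.allocate(0), out);
        out.flip();
        byte[] hello = new byte[out.remaining()];
        out.get(hello);
        return new String(hello, StandardCharsets.ISO_8859_1).contains(HOST);
    }

    static SSLEngine clientEngine(SSLContext ctx, String peerHost) {
        // With a peer host JSSE derives SNI from it; without one it has nothing to send.
        SSLEngine e = peerHost == null ? ctx.createSSLEngine() : ctx.createSSLEngine(peerHost, 443);
        e.setUseClientMode(true);
        return e;
    }

    public static void main(String[] args) throws Exception {
        SSLContext ctx = SSLContext.getDefault();
        System.out.println("no peer host:   SNI sent = " + clientHelloCarriesHost(clientEngine(ctx, null)));
        System.out.println("with peer host: SNI sent = " + clientHelloCarriesHost(clientEngine(ctx, HOST)));

        // SNI set explicitly on an engine created without a peer host. The endpoint
        // identification algorithm is left unset, so no hostname verification is requested.
        SSLEngine explicit = clientEngine(ctx, null);
        SSLParameters params = explicit.getSSLParameters();
        params.setServerNames(Collections.<SNIServerName>singletonList(new SNIHostName(HOST)));
        explicit.setSSLParameters(params);
        System.out.println("explicit SNI:   SNI sent = " + clientHelloCarriesHost(explicit)
                + ", endpoint identification = " + params.getEndpointIdentificationAlgorithm());
    }
}
```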