From d98562dbedf1bfce31aa42fe9e823d129a95fb39 Mon Sep 17 00:00:00 2001
From: Sijie Guo <sijie@apache.org>
Date: Fri, 3 Jan 2020 12:11:29 +0800
Subject: [PATCH] [proxy] Proxy doesn't use the right ca certicate to connect
 to brokers (#5971)

*Motivation*

Currently proxy uses the proxy ca certicate to connect to brokers.
It is fine if proxy and broker are using th same CA. However if the broker
is using a different CA than proxy, "HTTP 502 Bad Gateway" is returned from proxy
when tlsEnabledWithBroker is set to true.

*Modifications*

Change to use the right CA

*Verify this change*

Verify it is working in a production environment.
---
 .../java/org/apache/pulsar/proxy/server/AdminProxyHandler.java  | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pulsar-proxy/src/main/java/org/apache/pulsar/proxy/server/AdminProxyHandler.java b/pulsar-proxy/src/main/java/org/apache/pulsar/proxy/server/AdminProxyHandler.java
index 5316ab8df6f0a..ca44c8fe0c08f 100644
--- a/pulsar-proxy/src/main/java/org/apache/pulsar/proxy/server/AdminProxyHandler.java
+++ b/pulsar-proxy/src/main/java/org/apache/pulsar/proxy/server/AdminProxyHandler.java
@@ -214,7 +214,7 @@ protected HttpClient newHttpClient() {
             if (config.isTlsEnabledWithBroker()) {
                 try {
                     X509Certificate trustCertificates[] = SecurityUtility
-                        .loadCertificatesFromPemFile(config.getTlsTrustCertsFilePath());
+                        .loadCertificatesFromPemFile(config.getBrokerClientTrustCertsFilePath());
 
                     SSLContext sslCtx;
                     AuthenticationDataProvider authData = auth.getAuthData();