[go client] add validation host name for ClientOptions (apache#3580)

* [go client] add validation hostName for ClientOptions Signed-off-by: xiaolong.ran <[email protected]> * [go client] add validation hostName for ClientOptions Signed-off-by: xiaolong.ran <[email protected]> * rename ValidationHostName to TLSValidateHostname Signed-off-by: xiaolong.ran <[email protected]>
shenweiran · Feb 13, 2019 · 5ca75ef · 5ca75ef
1 parent f0fba94
commit 5ca75ef
Show file tree

Hide file tree

Showing 5 changed files with 34 additions and 2 deletions.
diff --git a/pulsar-client-cpp/include/pulsar/c/client_configuration.h b/pulsar-client-cpp/include/pulsar/c/client_configuration.h
@@ -133,7 +133,7 @@ void pulsar_client_configuration_set_stats_interval_in_seconds(pulsar_client_con
 int pulsar_client_configuration_is_validate_hostname(pulsar_client_configuration_t *conf);
 
 void pulsar_client_configuration_set_validate_hostname(pulsar_client_configuration_t *conf,
-                                                       const unsigned int validateHostName);
+                                                       int validateHostName);
 
 /*
  * Get the stats interval set in the client.

diff --git a/pulsar-client-go/pulsar/c_client.go b/pulsar-client-go/pulsar/c_client.go
@@ -90,6 +90,10 @@ func newClient(options ClientOptions) (Client, error) {
 		C.pulsar_client_configuration_set_tls_allow_insecure_connection(conf, cBool(options.TLSAllowInsecureConnection))
 	}
 
+	if options.TLSValidateHostname {
+		C.pulsar_client_configuration_set_validate_hostname(conf, cBool(options.TLSValidateHostname))
+	}
+
 	if options.StatsIntervalInSeconds != 0 {
 		C.pulsar_client_configuration_set_stats_interval_in_seconds(conf, C.uint(options.StatsIntervalInSeconds))
 	}

diff --git a/pulsar-client-go/pulsar/client.go b/pulsar-client-go/pulsar/client.go
@@ -86,6 +86,9 @@ type ClientOptions struct {
 	// Configure whether the Pulsar client accept untrusted TLS certificate from broker (default: false)
 	TLSAllowInsecureConnection bool
 
+	// Configure whether the Pulsar client verify the validity of the host name from broker (default: false)
+	TLSValidateHostname bool
+
 	// Configure the authentication provider. (default: no authentication)
 	// Example: `Authentication: NewAuthenticationTLS("my-cert.pem", "my-key.pem")`
 	Authentication

diff --git a/pulsar-client-go/pulsar/client_test.go b/pulsar-client-go/pulsar/client_test.go
@@ -126,3 +126,29 @@ func TestTokenAuthSupplier(t *testing.T) {
 		}
 	}
 }
+
+var (
+	caPath               = "cacert.pem"
+	clientPublicKeyPath  = "client-cert.pem"
+	clientPrivateKeyPath = "client-key.pem"
+)
+
+func TestClient_ValidationHostName(t *testing.T) {
+	conf := &ClientOptions{
+		URL:                        "https://localhost:8443",
+		TLSAllowInsecureConnection: false,
+		TLSValidateHostname:        true,
+		TLSTrustCertsFilePath:      caPath,
+		Authentication:             NewAuthenticationTLS(clientPublicKeyPath, clientPrivateKeyPath),
+	}
+
+	client, err := NewClient(*conf)
+	assert.Nil(t, err)
+	defer client.Close()
+
+	topicName := "persistent://private/auth/test-tls-detect-https"
+	_, err = client.CreateProducer(ProducerOptions{
+		Topic: topicName,
+	})
+	assert.NotNil(t, err)
+}
diff --git a/pulsar-client-go/pulsar/producer_test.go b/pulsar-client-go/pulsar/producer_test.go
@@ -22,7 +22,6 @@ package pulsar
 import (
 	"context"
 	"fmt"
-	"github.com/stretchr/testify/assert"
 	"testing"
 	"time"