+1 to using BOTH by default.

On Wed, Mar 25, 2026 at 00:55, Steven Wu <[email protected]> wrote:
> Are there any concerns about changing the hostname verification policy
> default from CLIENT to BOTH (more secure) in the 1.11 release?
>
> This is the last blocker for the 1.11.0 release. Let's decide to unblock
> the release. Hopefully we can get 1.11.0 out before the summit.
>
> On Fri, Mar 20, 2026 at 12:02 PM Steven Wu <[email protected]> wrote:
>
>> I asked for a dev ML discussion for this. I will share why I favor
>> changing the default to HostnameVerificationPolicy.BOTH in the next 1.11
>> release.
>>
>> * In the production environment, people should use the hostname matching
>> the SAN attribute in the certificate. The hostname could be a DNS name, an
>> IP address, or both. The certificate must be generated with the proper
>> Subject Alternative Name (SAN) matching its intended use. While this is a
>> slight behavior change for the 1.11 release, the practical impact should be
>> very small since production deployments probably use a DNS name anyway.
>> * For the unit test, Alex's PR #15598 provides the customization to allow
>> using the loopback IP address (127.0.0.1) with noop hostname verification.
>>
>> BTW, this is the last blocking PR for version 1.11.0 release. It will be
>> great to reach a consensus soon.
>> https://github.com/apache/iceberg/milestone/59
>>
>>
>> On Fri, Mar 20, 2026 at 11:43 AM Alexandre Dutra <[email protected]>
>> wrote:
>>
>>> Hi all,
>>>
>>> Last week I opened an issue to report what I believe is a regression
>>> in the HTTPClient when using TLS:
>>>
>>> https://github.com/apache/iceberg/issues/15598
>>>
>>> I also opened a PR to fix it:
>>>
>>> https://github.com/apache/iceberg/pull/15500
>>>
>>> The fix is basically to expose the HostnameVerificationPolicy in the
>>> TLSConfigurer, and I think there is consensus on that.
>>>
>>> However I would like to have the community's opinion about the default
>>> value we should use for the HostnameVerificationPolicy.
>>>
>>> We can either go with:
>>>
>>> - CLIENT, which reproduces the current behavior in 1.10 but is less
>>> safe; or
>>> - BOTH, which introduces a behavioral change, but is the safest option.
>>>
>>> What do you think?
>>>
>>> Thanks,
>>> Alex
>>>
>>
