Claus Ibsen created CAMEL-24056:
-----------------------------------
Summary: camel-kafka - Mark sslEndpointAlgorithm as
security=insecure:ssl
Key: CAMEL-24056
URL: https://issues.apache.org/jira/browse/CAMEL-24056
Project: Camel
Issue Type: Improvement
Components: camel-kafka
Reporter: Claus Ibsen
The {{sslEndpointAlgorithm}} option in {{KafkaConfiguration}} allows disabling
TLS hostname verification by setting it to an empty value or {{none}}. However,
it is not annotated with {{security = "insecure:ssl"}}, so Camel's security
policy framework cannot identify it as an option that weakens SSL verification.
The {{camel-openai}} component already has this annotation (added in
CAMEL-23970). The same annotation should be added to {{camel-kafka}} for
consistency.
File:
{{components/camel-kafka/src/main/java/org/apache/camel/component/kafka/KafkaConfiguration.java}}
Change:
{code:java}
// Current:
@UriParam(label = "common,security", defaultValue = "https")
private String sslEndpointAlgorithm =
SslConfigs.DEFAULT_SSL_ENDPOINT_IDENTIFICATION_ALGORITHM;
// Should be:
@UriParam(label = "common,security", defaultValue = "https", security =
"insecure:ssl")
private String sslEndpointAlgorithm =
SslConfigs.DEFAULT_SSL_ENDPOINT_IDENTIFICATION_ALGORITHM;
{code}
After annotation change, regenerate catalog and SecurityUtils.java.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)