[ 
https://issues.apache.org/jira/browse/CAMEL-24056?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18096103#comment-18096103
 ] 

Claus Ibsen commented on CAMEL-24056:
-------------------------------------

I think it needs insecureValue = "none" as well so if you dont use https. And 
is the algorithm really https ?

> camel-kafka - Mark sslEndpointAlgorithm as security=insecure:ssl
> ----------------------------------------------------------------
>
>                 Key: CAMEL-24056
>                 URL: https://issues.apache.org/jira/browse/CAMEL-24056
>             Project: Camel
>          Issue Type: Improvement
>          Components: camel-kafka
>            Reporter: Claus Ibsen
>            Priority: Major
>              Labels: good-first-issue
>             Fix For: 4.22.0
>
>
> The {{sslEndpointAlgorithm}} option in {{KafkaConfiguration}} allows 
> disabling TLS hostname verification by setting it to an empty value or 
> {{none}}. However, it is not annotated with {{security = "insecure:ssl"}}, so 
> Camel's security policy framework cannot identify it as an option that 
> weakens SSL verification.
> The {{camel-openai}} component already has this annotation (added in 
> CAMEL-23970). The same annotation should be added to {{camel-kafka}} for 
> consistency.
> File: 
> {{components/camel-kafka/src/main/java/org/apache/camel/component/kafka/KafkaConfiguration.java}}
> Change:
> {code:java}
> // Current:
> @UriParam(label = "common,security", defaultValue = "https")
> private String sslEndpointAlgorithm = 
> SslConfigs.DEFAULT_SSL_ENDPOINT_IDENTIFICATION_ALGORITHM;
> // Should be:
> @UriParam(label = "common,security", defaultValue = "https", security = 
> "insecure:ssl")
> private String sslEndpointAlgorithm = 
> SslConfigs.DEFAULT_SSL_ENDPOINT_IDENTIFICATION_ALGORITHM;
> {code}
> After annotation change, regenerate catalog and SecurityUtils.java.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to