adutra commented on PR #15500: URL: https://github.com/apache/iceberg/pull/15500#issuecomment-4198229628
> Though one thing I think while researching this flag, i would **recommend** we mention this in JSSE as default in the release notes explictly! That's a good idea! Here is a suggestion for the release notes: > When no custom `HostnameVerifier` is provided via `TLSConfigurer`, the REST client now uses JSSE's built-in hostname verification (during the TLS handshake) instead of Apache HttpClient's `DefaultHostnameVerifier` (after the handshake). Both verify the server certificate's SANs/CN against the target hostname. Users providing a custom `HostnameVerifier` are unaffected — their verifier continues to be used exclusively. cc @aihuaxu -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
