
Research and consider implementing cass_cluster_set_use_hostname_resolution #426

@Lorak-mmk

We removed it from cassandra.h because we saw no point in disabling hostname resolution.
However, the name is misleading.
Description of this:

 * Enable/Disable retrieving hostnames for IP addresses using reverse IP lookup.
 *
 * This is useful for authentication (Kerberos) or encryption (SSL) services
 * that require a valid hostname for verification.

So this is about reverse-lookup, not just DNS resolution.

It is also mentioned in the description of cass_ssl_set_verify_flags:

/**
 * Sets verification performed on the peer's certificate.
 *
 * CASS_SSL_VERIFY_NONE - No verification is performed
 * CASS_SSL_VERIFY_PEER_CERT - Certificate is present and valid
 * CASS_SSL_VERIFY_PEER_IDENTITY - IP address matches the certificate's
 * common name or one of its subject alternative names. This implies the
 * certificate is also present.
 * CASS_SSL_VERIFY_PEER_IDENTITY_DNS - Hostname matches the certificate's
 * common name or one of its subject alternative names. This implies the
 * certificate is also present. Hostname resolution must also be enabled.
 *
 * <b>Default:</b> CASS_SSL_VERIFY_PEER_CERT
 *
 * @public @memberof CassSsl
 *
 * @param[in] ssl
 * @param[in] flags
 * @return CASS_OK if successful, otherwise an error occurred
 *
 * @see cass_cluster_set_use_hostname_resolution()
 */
CASS_EXPORT void
cass_ssl_set_verify_flags(CassSsl* ssl,
                          int flags);

We should verify again if this functionality really is something that we want to totally get rid of.
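
The dependency between the two settings quoted above, as an added example that is not part of the issue or of the driver's code: a POSIX reverse (PTR) lookup, and an identity check that shows why the `_DNS` flag has nothing to compare when that lookup is off. The function names, the `VERIFY_*` stand-in constants and the exact-match rule are assumptions made for illustration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200112L /* getaddrinfo/getnameinfo under strict -std */
#endif
#include <netdb.h>
#include <string.h>
#include <strings.h>
#include <sys/socket.h>

/* Stand-ins for the flags in the header excerpt; names and values assumed. */
enum { VERIFY_PEER_CERT = 1, VERIFY_PEER_IDENTITY = 2,
       VERIFY_PEER_IDENTITY_DNS = 4 };

/* Reverse (PTR) lookup of a numeric address. Returns 0 and fills `host` only
 * when a name exists: NI_NAMEREQD stops getnameinfo from quietly returning
 * the numeric string instead. Returns -1 otherwise. */
int reverse_lookup(const char *ip, char *host, size_t len) {
  struct addrinfo hints, *res = NULL;
  memset(&hints, 0, sizeof hints);
  hints.ai_family = AF_UNSPEC;
  hints.ai_flags = AI_NUMERICHOST; /* parse the literal, no forward query */
  if (getaddrinfo(ip, NULL, &hints, &res) != 0) return -1;
  int rc = getnameinfo(res->ai_addr, res->ai_addrlen, host, (socklen_t)len,
                       NULL, 0, NI_NAMEREQD);
  freeaddrinfo(res);
  return rc == 0 ? 0 : -1;
}

/* Exact, case-insensitive comparison with the certificate's CN/SAN entries.
 * Wildcards and IP normalisation are outside the scope of this example. */
static int name_in_cert(const char *name, const char *const *names, size_t n) {
  for (size_t i = 0; i < n; i++)
    if (strcasecmp(name, names[i]) == 0) return 1;
  return 0;
}

/* `hostname` is the reverse lookup result, or NULL when hostname resolution
 * is disabled or the address has no PTR record. */
int identity_ok(int flags, const char *peer_ip, const char *hostname,
                const char *const *cert_names, size_t n) {
  if (flags & VERIFY_PEER_IDENTITY_DNS)
    return hostname != NULL && name_in_cert(hostname, cert_names, n);
  if (flags & VERIFY_PEER_IDENTITY)
    return name_in_cert(peer_ip, cert_names, n);
  return 1; /* no identity check requested */
}
```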


Labels: enhancement (New feature or request)
