Github user ivmaykov commented on a diff in the pull request:
https://github.com/apache/zookeeper/pull/679#discussion_r233656201
--- Diff:
zookeeper-server/src/main/java/org/apache/zookeeper/common/X509Util.java ---
@@ -350,14 +389,22 @@ public static X509TrustManager createTrustManager(
public SSLSocket createSSLSocket() throws X509Exception, IOException {
SSLSocket sslSocket = (SSLSocket)
getDefaultSSLContext().getSocketFactory().createSocket();
configureSSLSocket(sslSocket);
-
+ sslSocket.setUseClientMode(true);
return sslSocket;
}
- public SSLSocket createSSLSocket(Socket socket) throws X509Exception,
IOException {
- SSLSocket sslSocket = (SSLSocket)
getDefaultSSLContext().getSocketFactory().createSocket(socket, null,
socket.getPort(), true);
+ public SSLSocket createSSLSocket(Socket socket, byte[] pushbackBytes)
throws X509Exception, IOException {
+ SSLSocket sslSocket;
+ if (pushbackBytes != null && pushbackBytes.length > 0) {
+ sslSocket = (SSLSocket)
getDefaultSSLContext().getSocketFactory().createSocket(
+ socket, new ByteArrayInputStream(pushbackBytes), true);
+ } else {
+ sslSocket = (SSLSocket)
getDefaultSSLContext().getSocketFactory().createSocket(
+ socket, null, socket.getPort(), true);
+ }
configureSSLSocket(sslSocket);
-
+ sslSocket.setUseClientMode(false);
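Review bot: In createSSLSocket(Socket socket, byte[] pushbackBytes), the added `sslSocket.setUseClientMode(false);` makes this overload server-only, and the no-argument overload becomes client-only with `sslSocket.setUseClientMode(true);`, but nothing in the visible lines documents either contract. Suggest a Javadoc comment on each overload stating the mode it sets, and stating that pushbackBytes must be exactly the bytes already read from `socket` before the handshake, since they are handed to the SSL socket through `new ByteArrayInputStream(pushbackBytes)`. Also consider moving both setUseClientMode calls ahead of `configureSSLSocket(sslSocket)` so that the socket is configured in its final mode.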
--- End diff --
Yes and yes. In #681 I make the client auth setting configurable.
---