Github user ivmaykov commented on a diff in the pull request: https://github.com/apache/zookeeper/pull/679#discussion_r233656201 --- Diff: zookeeper-server/src/main/java/org/apache/zookeeper/common/X509Util.java --- @@ -350,14 +389,22 @@ public static X509TrustManager createTrustManager( public SSLSocket createSSLSocket() throws X509Exception, IOException { SSLSocket sslSocket = (SSLSocket) getDefaultSSLContext().getSocketFactory().createSocket(); configureSSLSocket(sslSocket); - + sslSocket.setUseClientMode(true); return sslSocket; } - public SSLSocket createSSLSocket(Socket socket) throws X509Exception, IOException { - SSLSocket sslSocket = (SSLSocket) getDefaultSSLContext().getSocketFactory().createSocket(socket, null, socket.getPort(), true); + public SSLSocket createSSLSocket(Socket socket, byte[] pushbackBytes) throws X509Exception, IOException { + SSLSocket sslSocket; + if (pushbackBytes != null && pushbackBytes.length > 0) { + sslSocket = (SSLSocket) getDefaultSSLContext().getSocketFactory().createSocket( + socket, new ByteArrayInputStream(pushbackBytes), true); + } else { + sslSocket = (SSLSocket) getDefaultSSLContext().getSocketFactory().createSocket( + socket, null, socket.getPort(), true); + } configureSSLSocket(sslSocket); - + sslSocket.setUseClientMode(false); --- End diff -- Yes and yes. In #681 I make the client auth setting configurable.
---