Hello Zookeeper Developers,
I was testing out Zookeeper's TLS capabilities for client as well as quorum communication and came across a strange issue. If you are using a PEM file for the quorum truststore, you cannot renew the certificate with the same DN.

To go more into detail, I was testing out the renewal, so I created a new certificate with the same key for one of my nodes. When trying to deploy the new certificate in the truststore, I noticed that only one of those certificates got accepted, never both, and also depending on order inside the PEM file.

After some digging I (seemingly) found the line responsible for that behaviour:

https://github.com/apache/zookeeper/blob/master/zookeeper-server/src/main/java/org/apache/zookeeper/util/PemReader.java#L97

From my basic Java understanding, it seems like certificates with the same DN get replaced inside that Dictionary.

Can someone look at this issue and perhaps implement a fix? I unfortunately lack the knowledge to do so. I would love to use PEM files for the truststores due to their ease of use in comparison to JKS, for example.

Thanks
Johannes
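
Added example, not part of the original message and not ZooKeeper code: a pre-deployment check that lists every subject DN carried by more than one certificate in a PEM truststore, which is the condition the report says leaves only one of the certificates trusted. It uses the `openssl` CLI; the function names, file names and CNs are constructed for illustration.

```bash
#!/bin/sh
# Added example (not ZooKeeper code): report subject DNs that occur on more
# than one certificate in a PEM truststore, i.e. the entries that would
# compete for a single slot if the loader keys certificates by DN.

# Print every subject DN carried by more than one certificate in bundle $1.
duplicate_subjects() {
    # crl2pkcs7 -nocrl packs all certificates of the file into one PKCS#7
    # structure; pkcs7 -print_certs then prints subject=/issuer= per cert.
    openssl crl2pkcs7 -nocrl -certfile "$1" \
        | openssl pkcs7 -print_certs -noout \
        | sed -n 's/^subject=//p' | sort | uniq -d
}

# Build a constructed sample bundle in directory $1: node1's original
# certificate, its renewal (same key, same DN), and an unrelated node2.
make_sample_bundle() {
    dn1="/CN=zk-node1.example.test"   # constructed names, not from the post
    dn2="/CN=zk-node2.example.test"
    openssl genrsa -out "$1/node1.key" 2048 2>/dev/null
    openssl genrsa -out "$1/node2.key" 2048 2>/dev/null
    openssl req -x509 -new -key "$1/node1.key" -subj "$dn1" -days 30  -out "$1/node1-old.pem"
    openssl req -x509 -new -key "$1/node1.key" -subj "$dn1" -days 365 -out "$1/node1-new.pem"
    openssl req -x509 -new -key "$1/node2.key" -subj "$dn2" -days 365 -out "$1/node2.pem"
    cat "$1/node1-old.pem" "$1/node1-new.pem" "$1/node2.pem" > "$1/truststore.pem"
}

# With a file argument, check that truststore; otherwise do nothing.
if [ -n "${1:-}" ]; then
    duplicate_subjects "$1"
fi
```

Any DN printed belongs to at least two certificates in the bundle, so a renewal that keeps the DN shows up here before the truststore is rolled out to the quorum.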