Hello,

I am interested in making a small contribution to the Zookeeper C client 
library, and wanted to confirm the general direction with the maintainers 
before opening a JIRA issue/Github Pull Request.

In the Zookeeper C library it is possible to initiate a connection using SSL by 
providing a "cert" string to zookeeper_init_ssl(). However in order to call 
this function, it is my understanding that callers must provide four things: 

  1) The path to a Server CA file to validate the server's certificate
  2) The path to a Client CA file, with a complete certificate chain
  3) The path to a file containing the Client Private Key
  4) The password for the key file

This understanding is based on the implementation of init_ssl_for_socket 
https://github.com/apache/zookeeper/blob/b86ccf19cf6c32f7e58e36754b6f3534be567727/zookeeper-client/zookeeper-client-c/src/zookeeper.c#L2758-L2793

For our use case, connecting to a server that does not support mTLS, it would 
be useful if we could specify only the CA for the server certificate, omitting 
the client parameters completely. This is something that is already possible 
with other Zookeeper client libraries, for example Kazoo: 
https://github.com/python-zk/kazoo/blob/c5ab98819b3a797e12a0315e97e51851525da70f/kazoo/handlers/utils.py#L253-L260

Would a change to remove the requirement to provide the client parameters in 
the "cert" string be a reasonable change, and what would be the next steps to 
contribute such a change? 

Thanks,
Edward Seabrook
