[ https://issues.apache.org/jira/browse/ZOOKEEPER-4941?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17981677#comment-17981677 ]
Istvan Toth commented on ZOOKEEPER-4941:
----------------------------------------

TBH some of these properties are fishy.
They are setting JVM global system and security properties, so they change the JVM global security settings, and apply to *ALL* TLS traffic of the *JVM*.

It would probably be better to leave them alone and rely on the JVM system properties.

> Several SSL properties ignored when custom truststore is not specified
> ---------------------------------------------------------------------
>
> Key: ZOOKEEPER-4941
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-4941
> Project: ZooKeeper
> Issue Type: Bug
> Components: security
> Reporter: Istvan Toth
> Priority: Major
>
> CRL, OCSP, Hostname verification and fips are all ignored if there is no
> custom truststore specified.
> https://github.com/apache/zookeeper/blob/e5dd60bf0512ccc1e090d99410a8da48623219da/zookeeper-server/src/main/java/org/apache/zookeeper/common/X509Util.java#L402
> These properties are all meaningful for the default (cacerts) JVM
> certificates.
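To illustrate the scope distinction raised in the comment above, here is an added example (not ZooKeeper's code and not part of the original message) that attaches revocation checking to a single `SSLContext` built on the default cacerts anchors, leaving the JVM-wide switches unset. The class and method names are hypothetical, and `com.sun.net.ssl.checkRevocation` and `ocsp.enable` are the JDK's global property names, which the message itself does not quote.

```java
import java.security.KeyStore;
import java.security.Security;
import java.security.cert.*;
import javax.net.ssl.*;

public class ScopedRevocationDemo {

    // Copy the JVM default trust anchors (cacerts) into an in-memory KeyStore,
    // so no custom truststore file is needed.
    static KeyStore defaultAnchors() throws Exception {
        TrustManagerFactory def =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        def.init((KeyStore) null); // null selects the JVM default trust store
        X509TrustManager tm = (X509TrustManager) def.getTrustManagers()[0];
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(null, null);
        int i = 0;
        for (X509Certificate ca : tm.getAcceptedIssuers()) {
            ks.setCertificateEntry("ca-" + i++, ca);
        }
        return ks;
    }

    // The revocation policy travels in the PKIX parameters of this one context.
    static SSLContext scopedContext() throws Exception {
        PKIXBuilderParameters params =
            new PKIXBuilderParameters(defaultAnchors(), new X509CertSelector());
        // An explicitly added PKIXRevocationChecker is used irrespective of
        // the RevocationEnabled flag (see its javadoc).
        PKIXRevocationChecker rc = (PKIXRevocationChecker)
            CertPathBuilder.getInstance("PKIX").getRevocationChecker();
        params.addCertPathChecker(rc);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance("PKIX");
        tmf.init(new CertPathTrustManagerParameters(params));
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        SSLContext ctx = scopedContext();
        // The process-wide switches were never written by this code, so other
        // TLS users in the same JVM keep whatever the operator configured.
        System.out.println("checkRevocation (system property)  = "
            + System.getProperty("com.sun.net.ssl.checkRevocation"));
        System.out.println("ocsp.enable     (security property) = "
            + Security.getProperty("ocsp.enable"));
        System.out.println("scoped context protocol             = " + ctx.getProtocol());
    }
}
```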