[jira] [Updated] (ZOOKEEPER-4955) Add option for enabling/disabling certificate revocation check on custom trustmanagers

ASF GitHub Bot (Jira) Thu, 31 Jul 2025 23:51:26 -0700


     [ 
https://issues.apache.org/jira/browse/ZOOKEEPER-4955?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


ASF GitHub Bot updated ZOOKEEPER-4955:
--------------------------------------
    Labels: pull-request-available  (was: )

> Add option for enabling/disabling certificate revocation check on custom 
> trustmanagers
> --------------------------------------------------------------------------------------
>
>                 Key: ZOOKEEPER-4955
>                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-4955
>             Project: ZooKeeper
>          Issue Type: Improvement
>          Components: security
>            Reporter: Istvan Toth
>            Assignee: Istvan Toth
>            Priority: Major
>              Labels: pull-request-available
>          Time Spent: 10m
>  Remaining Estimate: 0h
>
> Zookeeper currenlty automatically calls 
> PKIXBuilderParameters#setRevocationEnabled() based on the values of the 
> *ssl.(quorum.)ocsp* and ssl(.quorum).crl config options.
> This means that if we don't set the above options, then ZK will explicitly 
> disable revocation checks. As those options are also setting global 
> System/Security properties, we do not have a way to enable revocation checks 
> without clobbering the revocation related global properties.
> Adding a new property will let ZK enable/disable revocation checks without 
> clobbering the JVM global properties.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (ZOOKEEPER-4955) Add option for enabling/disabling certificate revocation check on custom trustmanagers

Reply via email to