eseabrook1 opened a new pull request, #2257:
URL: https://github.com/apache/zookeeper/pull/2257

   In the Zookeeper C library it is possible to initiate a connection using SSL by
   providing a "cert" string to zookeeper_init_ssl(). However, in order to call
   this function, it is my understanding that callers must provide four things:

     1) The path to a Server CA file to validate the server's certificate
     2) The path to a Client CA file, with a complete certificate chain
     3) The path to a file containing the Client Private Key
     4) The password for the key file

   This understanding is based on the implementation of init_ssl_for_socket:

   https://github.com/apache/zookeeper/blob/b86ccf19cf6c32f7e58e36754b6f3534be567727/zookeeper-client/zookeeper-client-c/src/zookeeper.c#L2758-L2793

   For our use case, connecting to a server that does not support mTLS, it would
   be useful if we could specify only the CA for the server certificate, omitting
   the client parameters completely. This is something that is already possible
   with other Zookeeper client libraries, for example Kazoo:

   https://github.com/python-zk/kazoo/blob/c5ab98819b3a797e12a0315e97e51851525da70f/kazoo/handlers/utils.py#L253-L260

   This Pull Request proposes a change to relax the requirements for the client
   SSL certificates and allow just a server certificate to be provided.


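The relaxation described in the pull request, sketched as an added example (not code from the pull request or from the ZooKeeper client): a validator that accepts either a server CA alone or a complete client identity, and rejects anything in between. The type and function names are hypothetical, and the comma-separated "ca,cert,key,password" layout of the "cert" string is an assumption made for this example.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical names for illustration; not the ZooKeeper client's own types. */
enum tls_mode { TLS_INVALID = 0, TLS_SERVER_AUTH_ONLY, TLS_MUTUAL };

struct tls_paths {
    char buf[512];                       /* private copy the fields point into */
    const char *ca, *cert, *key, *passwd;
};

/* Split "ca[,cert,key[,passwd]]" (assumed layout) and classify the request. */
enum tls_mode classify_cert_spec(const char *spec, struct tls_paths *out)
{
    const char **slot[4];
    char *p;
    int n = 0;

    memset(out, 0, sizeof *out);
    if (spec == NULL || strlen(spec) >= sizeof out->buf)
        return TLS_INVALID;
    strcpy(out->buf, spec);
    slot[0] = &out->ca;  slot[1] = &out->cert;
    slot[2] = &out->key; slot[3] = &out->passwd;

    /* Manual split keeps empty fields, which strtok() would silently skip. */
    for (p = out->buf; ; ) {
        char *comma = strchr(p, ',');
        if (n == 4)
            return TLS_INVALID;          /* more than four fields */
        if (comma)
            *comma = '\0';
        *slot[n++] = (*p != '\0') ? p : NULL;
        if (comma == NULL)
            break;
        p = comma + 1;
    }
    if (out->ca == NULL)
        return TLS_INVALID;              /* server verification is never optional */
    if (out->cert == NULL && out->key == NULL)
        return out->passwd ? TLS_INVALID : TLS_SERVER_AUTH_ONLY;
    if (out->cert != NULL && out->key != NULL)
        return TLS_MUTUAL;               /* passwd may be NULL for an unencrypted key */
    return TLS_INVALID;                  /* half a client identity: fail closed */
}

int main(void)
{
    struct tls_paths t;
    printf("%d\n", classify_cert_spec("ca.pem", &t));            /* constructed inputs */
    printf("%d\n", classify_cert_spec("ca.pem,client.pem", &t));
    return 0;
}
```

Making the client fields optional leaves the server CA mandatory, so the client still authenticates the server in both modes; a certificate without a key (or the reverse) is treated as a configuration error instead of silently downgrading to server-only authentication.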