eseabrook1 opened a new pull request, #2257: URL: https://github.com/apache/zookeeper/pull/2257
In the Zookeeper C library it is possible to initiate a connection using SSL by providing a "cert" string to zookeeper_init_ssl(). However, in order to call this function, it is my understanding that callers must provide four things:

1) The path to a Server CA file to validate the server's certificate
2) The path to a Client CA file, with a complete certificate chain
3) The path to a file containing the Client Private Key
4) The password for the key file

This understanding is based on the implementation of init_ssl_for_socket:
https://github.com/apache/zookeeper/blob/b86ccf19cf6c32f7e58e36754b6f3534be567727/zookeeper-client/zookeeper-client-c/src/zookeeper.c#L2758-L2793

For our use case, connecting to a server that does not support mTLS, it would be useful if we could specify only the CA for the server certificate, omitting the client parameters completely. This is something that is already possible with other Zookeeper client libraries, for example Kazoo:
https://github.com/python-zk/kazoo/blob/c5ab98819b3a797e12a0315e97e51851525da70f/kazoo/handlers/utils.py#L253-L260

This Pull Request proposes a change to relax the requirements for the client SSL certificates and allow just a server certificate to be provided.
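An added example, not part of the pull request or of the ZooKeeper code base: a sketch of how a client could classify the "cert" string so that omitting the client parameters never relaxes server verification. The comma-separated layout, the type names and `parse_cert_spec` are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical names; not the ZooKeeper client's code. Assumption: "cert" is
 * comma-separated in the order listed: server CA, client chain, key, password. */
enum tls_mode { TLS_INVALID = 0, TLS_SERVER_AUTH_ONLY, TLS_MUTUAL };

struct tls_paths {
    char buf[512];                        /* private copy, split in place */
    const char *ca, *cert, *key, *password;
};

/* Split by hand so empty fields ("ca.pem,,,") keep their position; strtok()
 * would collapse them and shift later fields left. */
enum tls_mode parse_cert_spec(const char *spec, struct tls_paths *out)
{
    const char **slot[4];
    char *p;
    int n;

    out->ca = out->cert = out->key = out->password = NULL;
    if (spec == NULL || strlen(spec) >= sizeof out->buf)
        return TLS_INVALID;
    strcpy(out->buf, spec);
    slot[0] = &out->ca;  slot[1] = &out->cert;
    slot[2] = &out->key; slot[3] = &out->password;

    for (p = out->buf, n = 0; n < 4; n++) {
        char *comma = (n < 3) ? strchr(p, ',') : NULL; /* password keeps commas */
        if (comma) *comma = '\0';
        *slot[n] = *p ? p : NULL;         /* empty field = not supplied */
        if (!comma) break;
        p = comma + 1;
    }
    if (out->ca == NULL)                  /* server verification is never optional */
        return TLS_INVALID;
    if (out->cert == NULL && out->key == NULL)
        return TLS_SERVER_AUTH_ONLY;      /* load the CA only, still verify the peer */
    if (out->cert == NULL || out->key == NULL)
        return TLS_INVALID;               /* half a client identity: fail closed */
    return TLS_MUTUAL;                    /* also load client chain and key */
}

int main(void)
{
    struct tls_paths t;
    printf("%d\n", parse_cert_spec("ca.pem", &t));                      /* constructed input */
    printf("%d\n", parse_cert_spec("ca.pem,client.pem,client.key,pw", &t));
    return 0;
}
```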