eseabrook1 opened a new pull request, #2257:
URL: https://github.com/apache/zookeeper/pull/2257
In the Zookeeper C library it is possible to initiate a connection using SSL
by
providing a "cert" string to zookeeper_init_ssl(). However in order to call
this function, it is my understanding that callers must provide four things:
1)The path to a Server CA file to validate the server's certificate
2)The path to a Client CA file, with a complete certificate chain
3)The path to a file containing the Client Private Key
4)The password for the key file
This understanding is based on the implementation of init_ssl_for_socket
https://github.com/apache/zookeeper/blob/b86ccf19cf6c32f7e58e36754b6f3534be56772
7/zookeeper-client/zookeeper-client-c/src/zookeeper.c#L2758-L2793
For our use case, connecting to a server that does not support mTLS, it
would
be useful if we could specify only the CA for the server certificate,
omitting
the client parameters completely. This is something this is already possible
with other Zookeeper client libraries, for example Kazoo:
https://github.com/python-zk/kazoo/blob/c5ab98819b3a797e12a0315e97e51851525da70f
/kazoo/handlers/utils.py#L253-L260
This Pull Request proposed a change to relax the requirements for the client
SSL certificates
and allow just a sever certificate to be provided.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscr...@zookeeper.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
