zeekling commented on code in PR #2257:
URL: https://github.com/apache/zookeeper/pull/2257#discussion_r2120043028
##########
zookeeper-client/zookeeper-client-c/src/zookeeper.c:
##########
@@ -2769,27 +2769,30 @@ static int init_ssl_for_socket(zsock_t *fd, zhandle_t
*zh, int fail_on_error) {
errno = EINVAL;
return ZBADARGUMENTS;
}
- /*CLIENT CA FILE (With Certificate Chain)*/
- if (SSL_CTX_use_certificate_chain_file(*ctx, fd->cert->cert) != 1) {
- SSL_CTX_free(*ctx);
- LOG_ERROR(LOGCALLBACK(zh), "Failed to load client certificate
chain from %s", fd->cert->cert);
- errno = EINVAL;
- return ZBADARGUMENTS;
- }
- /*CLIENT PRIVATE KEY*/
- SSL_CTX_set_default_passwd_cb_userdata(*ctx, fd->cert->passwd);
- if (SSL_CTX_use_PrivateKey_file(*ctx, fd->cert->key, SSL_FILETYPE_PEM)
!= 1) {
- SSL_CTX_free(*ctx);
- LOG_ERROR(LOGCALLBACK(zh), "Failed to load client private key from
%s", fd->cert->key);
- errno = EINVAL;
- return ZBADARGUMENTS;
- }
- /*CHECK*/
- if (SSL_CTX_check_private_key(*ctx) != 1) {
- SSL_CTX_free(*ctx);
- LOG_ERROR(LOGCALLBACK(zh), "SSL_CTX_check_private_key failed");
- errno = EINVAL;
- return ZBADARGUMENTS;
+ if (fd->cert->cert != NULL && fd->cert->passwd != NULL &&
fd->cert->key != NULL)
Review Comment:
maybe need `SSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_NONE, NULL);` in client
when skip cert.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscr...@zookeeper.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
