stoty commented on code in PR #2270:
URL: https://github.com/apache/zookeeper/pull/2270#discussion_r2189977474
##########
zookeeper-server/src/main/java/org/apache/zookeeper/common/ClientX509Util.java:
##########
@@ -79,7 +79,11 @@ public SslContext createNettySslContextForClient(ZKConfig
config)
sslContextBuilder.trustManager(tm);
}
-
sslContextBuilder.enableOcsp(config.getBoolean(getSslOcspEnabledProperty()));
+ SslProvider sslProvider = getSslProvider(config);
+ sslContextBuilder.sslProvider(sslProvider);
+ if (sslProvider == SslProvider.OPENSSL || sslProvider ==
SslProvider.OPENSSL_REFCNT) {
Review Comment:
OpenSsl.isOcspSupported() only tells us if the loaded native OpenSSL library
supports OCSP, @anmolnar .
That does not help with original problem, ie. when we try to set it when the
provider is not set to OpenSSL.
We COULD use OpenSsl.isOcspSupported() to log a warning if we try to set it
while it is not supported.
TCnative will just ignore the setting in that case.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscr...@zookeeper.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
