anmolnar commented on PR #2277: URL: https://github.com/apache/zookeeper/pull/2277#issuecomment-3046039590
I'm sorry @stoty , but this is the 5th patch that you create on this topic and it's getting impossible for me to follow. I think it would be beneficial to discuss and address the issues separately. I don't really like "clean up" style patches, especially when there're significant changes in the logic. This is not cleaning up. So, I can identify the following issues: - setting OCSP/CRL Java properties explicitly to "true" on the client side while we want to follow system default. I don't want to change this behaviour on the server side at all. This is strictly a client side improvement. - setting OCSP stapling in OpenSSL provider only. There should be a way to check availability in Netty for this rather than relying on enum values. How about using `isAvailable()` and `isOcspSupported()` flags together? - using built-in hostname verification even if Fips style is disabled and we don't have trustStore defined Is the above accurate? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@zookeeper.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
