Re: [PR] ZOOKEEPER-4955: Fix intererence with jvm wide ssl properties for ssl.crl and ssl.ocsp [zookeeper]

via GitHub Mon, 11 Aug 2025 04:05:13 -0700


kezhuw commented on code in PR #2289:
URL: https://github.com/apache/zookeeper/pull/2289#discussion_r2266359323



##########
zookeeper-server/src/main/java/org/apache/zookeeper/common/X509Util.java:
##########
@@ -549,12 +554,21 @@ public static X509TrustManager createTrustManager(
             KeyStore ts = loadTrustStore(trustStoreLocation, 
trustStorePassword, trustStoreTypeProp);
             PKIXBuilderParameters pbParams = new PKIXBuilderParameters(ts, new 
X509CertSelector());
             if (crlEnabled || ocspEnabled) {

Review Comment:
   ```suggestion
               if (crlEnabled) {
   ```
   
   I think we probably should make this consistent how jdk handle 
"com.sun.net.ssl.checkRevocation" and "ocsp.enable". Revocation checking will 
only be enabled through "com.sun.net.ssl.checkRevocation" but not "ocsp.enable".



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscr...@zookeeper.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

Re: [PR] ZOOKEEPER-4955: Fix intererence with jvm wide ssl properties for ssl.crl and ssl.ocsp [zookeeper]

Reply via email to