[jira] [Assigned] (ZOOKEEPER-4958) "ssl.clientHostnameVerification" is ignored if "ssl.authProvider" is configured to "x509"

Sun, 17 Aug 2025 00:23:52 -0700 


     [ 
https://issues.apache.org/jira/browse/ZOOKEEPER-4958?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Kezhu Wang reassigned ZOOKEEPER-4958:
-------------------------------------

    Assignee: Kezhu Wang

> "ssl.clientHostnameVerification" is ignored if "ssl.authProvider" is 
> configured to "x509"
> -----------------------------------------------------------------------------------------
>
>                 Key: ZOOKEEPER-4958
>                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-4958
>             Project: ZooKeeper
>          Issue Type: Bug
>          Components: server
>    Affects Versions: 3.8.4, 3.9.3
>            Reporter: Kezhu Wang
>            Assignee: Kezhu Wang
>            Priority: Major
>
> {{NettyServerCnxnFactory}} uses {{TrustManager}} from 
> {{X509AuthenticationProvider}} if {{ssl.authProvider}} is configured.
> But the {{clientHostnameVerificationEnabled}} is explicitly set to {{false}} 
> in construction.
> I confirmed this locally with test.
> Server configs:
> * zookeeper.ssl.hostnameVerification: true
> * zookeeper.ssl.clientHostnameVerification: true
> * zookeeper.fips-mode: false
> * zookeeper.ssl.authProvider: x509
> Related codes:
> * 
> https://github.com/apache/zookeeper/blob/770804bef861bbfc9e150b63774f8557f1f8d995/zookeeper-server/src/main/java/org/apache/zookeeper/server/NettyServerCnxnFactory.java#L572
> * 
> https://github.com/apache/zookeeper/blob/770804bef861bbfc9e150b63774f8557f1f8d995/zookeeper-server/src/main/java/org/apache/zookeeper/server/auth/X509AuthenticationProvider.java#L123



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to