[
https://issues.apache.org/jira/browse/ZOOKEEPER-4955?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Kezhu Wang reassigned ZOOKEEPER-4955:
-------------------------------------
Fix Version/s: 3.10.0
Assignee: Kezhu Wang (was: Istvan Toth)
Resolution: Fixed
> Fix interference with jvm ssl properties for ssl.crl and ssl.ocsp
> -----------------------------------------------------------------
>
> Key: ZOOKEEPER-4955
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-4955
> Project: ZooKeeper
> Issue Type: Improvement
> Components: security
> Reporter: Istvan Toth
> Assignee: Kezhu Wang
> Priority: Major
> Labels: pull-request-available
> Fix For: 3.10.0
>
> Time Spent: 6h 40m
> Remaining Estimate: 0h
>
> EDIT:
> The original proposal was rejected, and a different solution is implemented
> which mimics the JVM internal logic.
> ZooKeeper currently automatically calls
> PKIXBuilderParameters#setRevocationEnabled() based on the values of the
> *ssl.(quorum.)ocsp* and ssl(.quorum).crl config options.
> This means that if we don't set the above options, then ZK will explicitly
> disable revocation checks. As those options are also setting global
> System/Security properties, we do not have a way to enable revocation checks
> without clobbering the revocation related global properties.
> Adding a new property will let ZK enable/disable revocation checks without
> clobbering the JVM global properties.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
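
The behaviour the issue describes, as an added Java illustration that is not ZooKeeper's code and not the fix that shipped in 3.10.0 (the page does not show it): revocation checking is decided per trust manager through `PKIXBuilderParameters#setRevocationEnabled()`, and when nothing is configured the decision falls back to the JVM's own `com.sun.net.ssl.checkRevocation` system property instead of being forced off. The class name, `resolveRevocation`, `build` and the tri-state `explicit` parameter are hypothetical names chosen for the example.

```java
import java.io.File;
import java.security.KeyStore;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.X509CertSelector;
import javax.net.ssl.CertPathTrustManagerParameters;
import javax.net.ssl.TrustManagerFactory;

public class RevocationDemo {

    /**
     * explicit is a hypothetical tri-state setting: TRUE/FALSE when the
     * operator configured it, null when it was left unset.
     * When unset, defer to the JVM-wide com.sun.net.ssl.checkRevocation
     * system property (default false) rather than disabling revocation.
     */
    static boolean resolveRevocation(Boolean explicit) {
        if (explicit != null) {
            return explicit;
        }
        return Boolean.getBoolean("com.sun.net.ssl.checkRevocation");
    }

    /** Builds a PKIX TrustManagerFactory without writing any global property. */
    static TrustManagerFactory build(KeyStore trustStore, Boolean explicit) throws Exception {
        // Throws if the trust store contains no trusted certificate entries.
        PKIXBuilderParameters params =
                new PKIXBuilderParameters(trustStore, new X509CertSelector());
        // Per-instance switch: no System.setProperty / Security.setProperty here,
        // so the JVM's revocation-related properties stay as the operator set them.
        params.setRevocationEnabled(resolveRevocation(explicit));
        TrustManagerFactory tmf = TrustManagerFactory.getInstance("PKIX");
        tmf.init(new CertPathTrustManagerParameters(params));
        return tmf;
    }

    // Usage: java [-Dcom.sun.net.ssl.checkRevocation=true] RevocationDemo <truststore> <password>
    public static void main(String[] args) throws Exception {
        KeyStore ts = KeyStore.getInstance(new File(args[0]), args[1].toCharArray());
        System.out.println("unset    -> revocation " + resolveRevocation(null));
        System.out.println("explicit -> revocation " + resolveRevocation(Boolean.TRUE));
        build(ts, null); // follows the JVM property
        build(ts, Boolean.FALSE); // explicit override, JVM property untouched
    }
}
```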