zookeeper-dev mailing list archives

From anmolnar <...@git.apache.org>
Subject [GitHub] zookeeper pull request #679: ZOOKEEPER-3172: Quorum TLS - fix port unificati...
Date Wed, 14 Nov 2018 22:35:03 GMT
Github user anmolnar commented on a diff in the pull request:

    https://github.com/apache/zookeeper/pull/679#discussion_r233632959
  
    --- Diff: zookeeper-server/src/main/java/org/apache/zookeeper/common/X509Util.java ---
    @@ -350,14 +389,22 @@ public static X509TrustManager createTrustManager(
         public SSLSocket createSSLSocket() throws X509Exception, IOException {
             SSLSocket sslSocket = (SSLSocket) getDefaultSSLContext().getSocketFactory().createSocket();
             configureSSLSocket(sslSocket);
    -
    +        sslSocket.setUseClientMode(true);
             return sslSocket;
         }
     
    -    public SSLSocket createSSLSocket(Socket socket) throws X509Exception, IOException
{
    -        SSLSocket sslSocket = (SSLSocket) getDefaultSSLContext().getSocketFactory().createSocket(socket,
null, socket.getPort(), true);
    +    public SSLSocket createSSLSocket(Socket socket, byte[] pushbackBytes) throws X509Exception,
IOException {
    +        SSLSocket sslSocket;
    +        if (pushbackBytes != null && pushbackBytes.length > 0) {
    +            sslSocket = (SSLSocket) getDefaultSSLContext().getSocketFactory().createSocket(
    +                    socket, new ByteArrayInputStream(pushbackBytes), true);
    +        } else {
    +            sslSocket = (SSLSocket) getDefaultSSLContext().getSocketFactory().createSocket(
    +                    socket, null, socket.getPort(), true);
    +        }
             configureSSLSocket(sslSocket);
    -
    +        sslSocket.setUseClientMode(false);
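    Review bot: the `createSocket(socket, new ByteArrayInputStream(pushbackBytes), true)` overload in the `pushbackBytes` branch is documented as creating a server-mode socket whose `consumed` stream must contain exactly the bytes already removed from `socket`'s input stream (nothing more, nothing less), so please state that contract in a Javadoc on `createSSLSocket(Socket, byte[])` so callers doing the port-unification peek know they must pass back precisely what they read. It is also worth a one-line comment that the trailing `sslSocket.setUseClientMode(false)` is what keeps the `else` branch (the `(socket, null, socket.getPort(), true)` overload, which does not fix a mode on its own) consistent with the pushback branch, since the mode must be set before any handshake I/O.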
    --- End diff --
    
    Just to double-check what you changed here:
    - setting the client mode explicitly on both the client and server side,
    - requesting client authentication in TLS mode: so without client authentication, quorum TLS cannot be established anymore


---
