ZOOKEEPER-4949: Clean up TLS CRL/OCSP configuration #2276

stoty · 2025-07-07T11:05:25Z

Enable FIPS style server hostname verification if truststore is not specified
Make sure tcnative specific enableOCSP method is not called for JRE SSL provider
Add new config option to enable tcnative specific enableOCSP method
Add new config option to separetely enable certificate revocation checking for custom truststores
Add new config option to disable existing implicit certificate revocation checking logic for custom truststores
Document dependencies of TLS truststore related options

- Enable FIPS style server hostname verification if truststore is not specified - Make sure tcnative specific enableOCSP method is not called for JRE SSL provider - Add new config option to enable tcnative specific enableOCSP method - Add new config option to separetely enable certificate revocation checking for custom truststores - Add new config option to disable existing implicit certificate revocation checking logic for custom truststores - Document dependencies of TLS truststore related options

stoty · 2025-07-07T11:07:35Z

#2276 is an improved version of this PR.

stoty mentioned this pull request Jul 7, 2025

ZOOKEEPER-4940: Enabling zookeeper.ssl.ocsp with JRE TLS provider errors out #2270

Merged

stoty closed this Jul 7, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

ZOOKEEPER-4949: Clean up TLS CRL/OCSP configuration #2276

ZOOKEEPER-4949: Clean up TLS CRL/OCSP configuration #2276

Uh oh!

stoty commented Jul 7, 2025

Uh oh!

stoty commented Jul 7, 2025

Uh oh!

Uh oh!

ZOOKEEPER-4949: Clean up TLS CRL/OCSP configuration #2276

ZOOKEEPER-4949: Clean up TLS CRL/OCSP configuration #2276

Uh oh!

Conversation

stoty commented Jul 7, 2025

Uh oh!

stoty commented Jul 7, 2025

Uh oh!

Uh oh!