rearrange code to make patch smaller

stoty · stoty · commit ab1065a5edcc · 2025-07-17T08:02:36.000+02:00
diff --git a/zookeeper-server/src/main/java/org/apache/zookeeper/common/ClientX509Util.java b/zookeeper-server/src/main/java/org/apache/zookeeper/common/ClientX509Util.java
@@ -80,7 +80,6 @@ public SslContext createNettySslContextForClient(ZKConfig config)
             sslContextBuilder.trustManager(tm);
         }
 
-        sslContextBuilder.sslProvider(getSslProvider(config));
         handleTcnativeOcspStapling(sslContextBuilder, config);
         String[] enabledProtocols = getEnabledProtocols(config);
         if (enabledProtocols != null) {
@@ -90,6 +89,7 @@ public SslContext createNettySslContextForClient(ZKConfig config)
         if (enabledCiphers != null) {
             sslContextBuilder.ciphers(enabledCiphers);
         }
+        sslContextBuilder.sslProvider(getSslProvider(config));
 
         SslContext sslContext1 = sslContextBuilder.build();
 
@@ -100,31 +100,6 @@ public SslContext createNettySslContextForClient(ZKConfig config)
         }
     }
 
-    private SslContextBuilder handleTcnativeOcspStapling(SslContextBuilder builder, ZKConfig config) {
-        SslProvider sslProvider = getSslProvider(config);
-        boolean tcnative = sslProvider == SslProvider.OPENSSL || sslProvider == SslProvider.OPENSSL_REFCNT;
-        boolean ocspEnabled = config.getBoolean(getSslOcspEnabledProperty());
-        TriState tcnativeOcspStapling = config.getTristate(getSslTcnativeOcspStaplingEnabledProperty());
-
-        if (tcnative && ocspEnabled && tcnativeOcspStapling.isDefault() && OpenSsl.isOcspSupported()) {
-            // Maintain old behaviour (mostly, we also check for OpenSsl.isOcspSupported())
-            builder.enableOcsp(ocspEnabled);
-        } else if (tcnativeOcspStapling.isTrue()) {
-            if (!tcnative) {
-                // Don't override the explicit setting, let it error out
-                LOG.error("Trying to enable OpenSSL OCSP stapling for non-OpenSSL TLS provider. "
-                        + "This is going to fail. Please fix the TLS configuration");
-            } else if (!OpenSsl.isOcspSupported()) {
-                LOG.warn("Trying to enable OpenSSL OCSP stapling for OpenSSL provider {} which does not support it. "
-                        + "This is either going to be ignored or fail.", OpenSsl.versionString());
-            }
-            builder.enableOcsp(true);
-        } else if (tcnativeOcspStapling.isFalse()) {
-            builder.enableOcsp(false);
-        }
-        return builder;
-    }
-
     public SslContext createNettySslContextForServer(ZKConfig config)
         throws X509Exception.SSLContextException, X509Exception.KeyManagerException, X509Exception.TrustManagerException, SSLException {
         String keyStoreLocation = config.getProperty(getSslKeystoreLocationProperty(), "");
@@ -148,7 +123,7 @@ public SslContext createNettySslContextForServer(ZKConfig config, KeyManager key
         if (trustManager != null) {
             sslContextBuilder.trustManager(trustManager);
         }
-        sslContextBuilder.sslProvider(getSslProvider(config));
+
         handleTcnativeOcspStapling(sslContextBuilder, config);
         String[] enabledProtocols = getEnabledProtocols(config);
         if (enabledProtocols != null) {
@@ -159,6 +134,7 @@ public SslContext createNettySslContextForServer(ZKConfig config, KeyManager key
         if (enabledCiphers != null) {
             sslContextBuilder.ciphers(enabledCiphers);
         }
+        sslContextBuilder.sslProvider(getSslProvider(config));
 
         SslContext sslContext1 = sslContextBuilder.build();
 
@@ -169,6 +145,31 @@ public SslContext createNettySslContextForServer(ZKConfig config, KeyManager key
         }
     }
 
+    private SslContextBuilder handleTcnativeOcspStapling(SslContextBuilder builder, ZKConfig config) {
+        SslProvider sslProvider = getSslProvider(config);
+        boolean tcnative = sslProvider == SslProvider.OPENSSL || sslProvider == SslProvider.OPENSSL_REFCNT;
+        boolean ocspEnabled = config.getBoolean(getSslOcspEnabledProperty());
+        TriState tcnativeOcspStapling = config.getTristate(getSslTcnativeOcspStaplingEnabledProperty());
+
+        if (tcnative && ocspEnabled && tcnativeOcspStapling.isDefault() && OpenSsl.isOcspSupported()) {
+            // Maintain old behaviour (mostly, we also check for OpenSsl.isOcspSupported())
+            builder.enableOcsp(ocspEnabled);
+        } else if (tcnativeOcspStapling.isTrue()) {
+            if (!tcnative) {
+                // Don't override the explicit setting, let it error out
+                LOG.error("Trying to enable OpenSSL OCSP stapling for non-OpenSSL TLS provider. "
+                        + "This is going to fail. Please fix the TLS configuration");
+            } else if (!OpenSsl.isOcspSupported()) {
+                LOG.warn("Trying to enable OpenSSL OCSP stapling for OpenSSL provider {} which does not support it. "
+                        + "This is either going to be ignored or fail.", OpenSsl.versionString());
+            }
+            builder.enableOcsp(true);
+        } else if (tcnativeOcspStapling.isFalse()) {
+            builder.enableOcsp(false);
+        }
+        return builder;
+    }
+
     private SslContext addHostnameVerification(SslContext sslContext, String clientOrServer) {
         return new DelegatingSslContext(sslContext) {
             @Override
