ZOOKEEPER-4958: Fix client hostname verification ignored in server if ssl.authProvider configured

`NettyServerCnxnFactory` uses `TrustManager` from `X509AuthenticationProvider`
if `ssl.authProvider` is configured. But `clientHostnameVerificationEnabled`
is explicitly set to `false` in construction of `X509AuthenticationProvider`.

This cause the server skip hostname verification agaist client
certificate.

This is reproducible in case of following server configs:

* zookeeper.ssl.hostnameVerification: true
* zookeeper.ssl.clientHostnameVerification: true
* zookeeper.fips-mode: false
* zookeeper.ssl.authProvider: x509

Author: kezhuw

zookeeper-server/src/main/java/org/apache/zookeeper/server/auth/KeyAuthenticationProvider.java

@@ -37,7 +37,7 @@
  * See the "Pluggable ZooKeeper authentication" section of the
  * "Zookeeper Programmer's Guide" for general details of implementing an
  * authentication plugin. e.g.
- * http://zookeeper.apache.org/doc/trunk/zookeeperProgrammers.html#sc_ZooKeeperPluggableAuthentication
+ * http://zookeeper.apache.org/doc/current/zookeeperProgrammers.html#sc_ZooKeeperPluggableAuthentication
  *
  * This class looks for a numeric "key" under the /key node.
  * Authorization is granted if the user passes in as authorization a number

zookeeper-server/src/main/java/org/apache/zookeeper/server/auth/X509AuthenticationProvider.java

@@ -89,6 +89,7 @@ public X509AuthenticationProvider() throws X509Exception {
             boolean crlEnabled = config.getBoolean(x509Util.getSslCrlEnabledProperty(), Boolean.getBoolean("com.sun.net.ssl.checkRevocation"));
             boolean ocspEnabled = config.getBoolean(x509Util.getSslOcspEnabledProperty(), Boolean.parseBoolean(Security.getProperty("ocsp.enable")));
             boolean hostnameVerificationEnabled = Boolean.parseBoolean(config.getProperty(x509Util.getSslHostnameVerificationEnabledProperty()));
+            boolean clientHostnameVerificationEnabled = x509Util.isClientHostnameVerificationEnabled(config);
 
             X509KeyManager km = null;
             X509TrustManager tm = null;
@@ -120,7 +121,7 @@ public X509AuthenticationProvider() throws X509Exception {
                         crlEnabled,
                         ocspEnabled,
                         hostnameVerificationEnabled,
-                        false,
+                        clientHostnameVerificationEnabled,
                         fipsMode);
                 } catch (TrustManagerException e) {
                     LOG.error("Failed to create trust manager", e);