1 files changed, 17 insertions, 4 deletions

diff --git a/zookeeper-server/zookeeper-server-common/src/main/java/com/yahoo/vespa/zookeeper/VespaSslContextProvider.java b/zookeeper-server/zookeeper-server-common/src/main/java/com/yahoo/vespa/zookeeper/VespaSslContextProvider.java
index eca5df73dfb..71cc81a0db0 100644
--- a/zookeeper-server/zookeeper-server-common/src/main/java/com/yahoo/vespa/zookeeper/VespaSslContextProvider.java
+++ b/zookeeper-server/zookeeper-server-common/src/main/java/com/yahoo/vespa/zookeeper/VespaSslContextProvider.java
@@ -1,9 +1,11 @@
 // Copyright Vespa.ai. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
 package com.yahoo.vespa.zookeeper;
 
-import com.yahoo.vespa.zookeeper.tls.VespaZookeeperTlsContextUtils;
+import com.yahoo.security.X509SslContext;
+import com.yahoo.security.tls.TlsContext;
 
 import javax.net.ssl.SSLContext;
+import java.util.Optional;
 import java.util.function.Supplier;
 
 /**
@@ -13,11 +15,22 @@ import java.util.function.Supplier;
  */
 public class VespaSslContextProvider implements Supplier<SSLContext> {
 
+    private static TlsContext tlsContext;
+
     @Override
     public SSLContext get() {
-        return VespaZookeeperTlsContextUtils.tlsContext()
-                                            .orElseThrow(() -> new IllegalStateException("Vespa TLS is not enabled"))
-                                            .sslContext().context();
+        return tlsContext().orElseThrow(() -> new IllegalStateException("Vespa TLS is not enabled")).context();
+    }
+
+    public Optional<X509SslContext> tlsContext() {
+        synchronized (VespaSslContextProvider.class) {
+            return Optional.ofNullable(tlsContext.sslContext());
+        }
+    }
+
+    static synchronized void set(TlsContext ctx) {
+        if (tlsContext != null) tlsContext.close();
+        tlsContext = ctx;
     }
 
 }