Internal Jenkins has submitted this change and it was merged. Change subject: IMPALA-3159: impala-shell does not accept wildcard or SAN certificates ......................................................................
IMPALA-3159: impala-shell does not accept wildcard or SAN certificates The impala-shell could not accept wildcard or SAN certificates previously as the thrift library it depended on did not support them. This patch subclasses TSSLSocket and adds the logic to take care of the above mentioned cases by introducing the new TSSLSocketWithWildcardSAN class. The certificate matching logic is based on the python-ssl source code. Added custom cluster tests to test both wildcard matching and SAN matching. Added be/src/testutil/certificates-info.txt which contains all the information about the certificates which are added for the tests. This has been tested with Python2.4 and Python2.6. Change-Id: I75e37012eeeb0bcf87a5edf875f0ff915daf8b89 Reviewed-on: http://gerrit.cloudera.org:8080/3765 Reviewed-by: Sailesh Mukil <[email protected]> Tested-by: Internal Jenkins --- A be/src/testutil/certificates-info.txt A be/src/testutil/incorrect-commonname-cert.key A be/src/testutil/incorrect-commonname-cert.pem A be/src/testutil/wildcard-cert.key A be/src/testutil/wildcard-cert.pem A be/src/testutil/wildcard-san-cert.key A be/src/testutil/wildcard-san-cert.pem A be/src/testutil/wildcardCA.key A be/src/testutil/wildcardCA.pem A shell/TSSLSocketWithWildcardSAN.py M shell/impala_client.py M tests/custom_cluster/test_client_ssl.py M tests/shell/util.py 13 files changed, 509 insertions(+), 14 deletions(-) Approvals: Internal Jenkins: Verified Sailesh Mukil: Looks good to me, approved -- To view, visit http://gerrit.cloudera.org:8080/3765 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-MessageType: merged Gerrit-Change-Id: I75e37012eeeb0bcf87a5edf875f0ff915daf8b89 Gerrit-PatchSet: 2 Gerrit-Project: Impala-ASF Gerrit-Branch: master Gerrit-Owner: Sailesh Mukil <[email protected]> Gerrit-Reviewer: Internal Jenkins Gerrit-Reviewer: Sailesh Mukil <[email protected]>
