[
https://issues.apache.org/jira/browse/IMPALA-6172?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Sailesh Mukil resolved IMPALA-6172.
-----------------------------------
Resolution: Fixed
Fix Version/s: Impala 2.11.0
Commit in:
https://github.com/apache/incubator-impala/commit/32baa695f499a936b72c5a51ae3649c408aa5a85
> KRPC w/ TLS doesn't work on remote clusters after rebase
> --------------------------------------------------------
>
> Key: IMPALA-6172
> URL: https://issues.apache.org/jira/browse/IMPALA-6172
> Project: IMPALA
> Issue Type: Sub-task
> Components: Security
> Reporter: Sailesh Mukil
> Assignee: Sailesh Mukil
> Priority: Blocker
> Labels: broken-build, security
> Fix For: Impala 2.11.0
>
>
> It looks like depending on who initializes OpenSSL (KRPC or us), the behavior
> changes. After some cherry-picks, we're unable to run Impala on remote
> clusters with TLS with certain certificate types.
> We get the following when we use intermediate CAs:
> {code:java}
> "F1108 10:47:36.532202 93303 impalad-main.cc:79] Could not build messenger:
> Runtime error: certificate does not match private key: error:0B080074:x509
> certificate routines:X509_check_private_key:key values
> mismatch:x509_cmp.c:331"
> {code}
> And we get the following when we use self-signed certificates:
> "self signed certificate in certificate chain"
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
