ChenSammi commented on PR #5163:
URL: https://github.com/apache/ozone/pull/5163#issuecomment-1724774286

   @fapifta, we have this function in DefaultCertificateClient, which depends on the certificates having different CNs to work.
   
   ```
   // Return the first candidate whose subject DN equals the issuer DN of cert.
   private Optional<X509Certificate> getIssuerForCert(X509Certificate cert,
       Iterable<X509Certificate> issuerCerts) {
     for (X509Certificate issuer : issuerCerts) {
       if (cert.getIssuerX500Principal().equals(
           issuer.getSubjectX500Principal())) {
         return Optional.of(issuer);
       }
     }
     return Optional.empty();
   }
   ```
   For this reason, we need to distinguish different certificates for the same SCM in the CN. Previously a timestamp was used; now it's the serial ID. Maybe other services (DN/OM/Recon) don't require the serial ID in the CN, but it's required for SCM, so we need the new proto API.
   If the above function can be rewritten to remove the dependency on the CN check, then we can omit the serial ID from the CN altogether. @Galsza, do you think it's feasible to achieve that?


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]
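The lookup quoted in the comment picks an issuer by DN equality alone, so two SCM certificates that share a CN are indistinguishable to it. The following is an added example, not code from the Ozone project and written in Go rather than the project's Java so that it can generate its own test certificates; it shows the name-only match returning the wrong certificate and a variant that also verifies the signature returning the right one. All names, CNs and serial numbers in it are constructed.

```go
package main
import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue creates a constructed sample certificate; a nil parent means a self-signed CA.
func issue(cn string, serial int64, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour), IsCA: parent == nil, BasicConstraintsValid: true}
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

// findIssuer matches issuer DN to subject DN like the quoted lookup; checkSig also verifies the signature.
func findIssuer(cert *x509.Certificate, cands []*x509.Certificate, checkSig bool) *x509.Certificate {
	for _, c := range cands {
		if bytes.Equal(cert.RawIssuer, c.RawSubject) && (!checkSig || cert.CheckSignatureFrom(c) == nil) {
			return c
		}
	}
	return nil
}

// demo: two SCM CA certs share one CN (serials 1 and 2); the leaf is signed by serial 2.
func demo() (byName, bySig int64) {
	oldCA, _ := issue("scm@example", 1, nil, nil)
	newCA, newKey := issue("scm@example", 2, nil, nil)
	leaf, _ := issue("om@example", 3, newCA, newKey)
	cands := []*x509.Certificate{oldCA, newCA}
	return findIssuer(leaf, cands, false).SerialNumber.Int64(), findIssuer(leaf, cands, true).SerialNumber.Int64()
}

func main() { fmt.Println(demo()) }
```

In Java the equivalent check is `cert.verify(issuer.getPublicKey())` after the principal comparison.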

