Daniel Becker has submitted this change and it was merged. ( http://gerrit.cloudera.org:8080/23015 )
Change subject: IMPALA-14066 (Part 6): Re-applying IMPALA-14038: Pull in KUDU-3663 to handle certs with RSASSA-PSS ...................................................................... IMPALA-14066 (Part 6): Re-applying IMPALA-14038: Pull in KUDU-3663 to handle certs with RSASSA-PSS This commit re-applies IMPALA-14038 to the Kudu files after the Kudu rebase to v1.17.1. Testing: - exhaustive tests have passed The original commit message is below: The existing KRPC code to determine the hash algorithm for a certificate does not handle RSASSA-PSS signatures as the hash algorithm is configurable for RSASSA-PSS. This was addressed in Kudu with KUDU-3663. That fix uses OpenSSL 1.1.1's x509_get_signature_info() function, which is able to determine the hash algorithm even for RSASSA-PSS. This is similar to the fix that Postgres did in a similar situation. It does not support RSASSA-PSS on OpenSSL 1.0.2, but it improves the error message in that case. Testing: - Kudu added a unit test that passes Change-Id: I162efac2d68c2bfb34a5086557182f68670d8c2a Reviewed-on: http://gerrit.cloudera.org:8080/22923 Reviewed-by: Jason Fehr <[email protected]> Tested-by: Impala Public Jenkins <[email protected]> Reviewed-on: http://gerrit.cloudera.org:8080/23015 Reviewed-by: Daniel Becker <[email protected]> Tested-by: Daniel Becker <[email protected]> --- M be/src/kudu/security/cert-test.cc M be/src/kudu/security/cert.cc M be/src/kudu/security/cert.h M be/src/kudu/security/test/test_certs.cc M be/src/kudu/security/test/test_certs.h 5 files changed, 132 insertions(+), 5 deletions(-) Approvals: Daniel Becker: Looks good to me, approved; Verified -- To view, visit http://gerrit.cloudera.org:8080/23015 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: Impala-ASF Gerrit-Branch: master Gerrit-MessageType: merged Gerrit-Change-Id: I162efac2d68c2bfb34a5086557182f68670d8c2a Gerrit-Change-Number: 23015 Gerrit-PatchSet: 5 Gerrit-Owner: Daniel Becker <[email protected]> Gerrit-Reviewer: Daniel Becker <[email protected]> Gerrit-Reviewer: Impala Public Jenkins <[email protected]> Gerrit-Reviewer: Jason Fehr <[email protected]> Gerrit-Reviewer: Joe McDonnell <[email protected]> Gerrit-Reviewer: Riza Suminto <[email protected]> Gerrit-Reviewer: Wenzhe Zhou <[email protected]>
