Wenzhe Zhou has posted comments on this change. ( http://gerrit.cloudera.org:8080/19503 )

Change subject: IMPALA-11922 Verify JWKS URL server TLS certificate by default.
......................................................................

Patch Set 1:

(7 comments)

Thanks for working on this and adding certificate verification to kudu::EasyCurl.
curl_util.h/curl_util.cc were synced from the Kudu repo; we need to port these changes to the Kudu repo later.

http://gerrit.cloudera.org:8080/#/c/19503/1//COMMIT_MSG
Commit Message:

http://gerrit.cloudera.org:8080/#/c/19503/1//COMMIT_MSG@12
PS1, Line 12:
nit: one extra space

http://gerrit.cloudera.org:8080/#/c/19503/1//COMMIT_MSG@24
PS1, Line 24:
nit: one extra space

http://gerrit.cloudera.org:8080/#/c/19503/1//COMMIT_MSG@48
PS1, Line 48:
add a Testing section

http://gerrit.cloudera.org:8080/#/c/19503/1/be/src/rpc/authentication.cc
File be/src/rpc/authentication.cc:

http://gerrit.cloudera.org:8080/#/c/19503/1/be/src/rpc/authentication.cc@1418
PS1, Line 1418: }
Check that jwks_ca_certificate is not empty if jwks_insecure_tls is set to false.

http://gerrit.cloudera.org:8080/#/c/19503/1/be/src/util/jwt-util.h
File be/src/util/jwt-util.h:

http://gerrit.cloudera.org:8080/#/c/19503/1/be/src/util/jwt-util.h@64
PS1, Line 64: bool is_local_file
Do we still need this variable?

http://gerrit.cloudera.org:8080/#/c/19503/1/fe/src/test/java/org/apache/impala/customcluster/JwtHttpTest.java
File fe/src/test/java/org/apache/impala/customcluster/JwtHttpTest.java:

http://gerrit.cloudera.org:8080/#/c/19503/1/fe/src/test/java/org/apache/impala/customcluster/JwtHttpTest.java@397
PS1, Line 397:
It's better to give a certificate which does not match the certificate returned from the server.

http://gerrit.cloudera.org:8080/#/c/19503/1/fe/src/test/java/org/apache/impala/customcluster/JwtHttpTest.java@420
PS1, Line 420:
nit: extra spaces

--
To view, visit http://gerrit.cloudera.org:8080/19503
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-Project: Impala-ASF
Gerrit-Branch: master
Gerrit-MessageType: comment
Gerrit-Change-Id: I5f1e887fae39b5fb82fa9a40352e4b507b7d8d35
Gerrit-Change-Number: 19503
Gerrit-PatchSet: 1
Gerrit-Owner: Jason Fehr <[email protected]>
Gerrit-Reviewer: Abhishek Rawat <[email protected]>
Gerrit-Reviewer: Andrew Sherman <[email protected]>
Gerrit-Reviewer: Impala Public Jenkins <[email protected]>
Gerrit-Reviewer: Wenzhe Zhou <[email protected]>
Gerrit-Comment-Date: Thu, 16 Feb 2023 00:05:09 +0000
Gerrit-HasComments: Yes
