Jason Fehr has posted comments on this change. ( http://gerrit.cloudera.org:8080/19503 )
Change subject: IMPALA-11922 Verify JWKS URL server TLS certificate by default. ...................................................................... Patch Set 7: (3 comments) http://gerrit.cloudera.org:8080/#/c/19503/1/be/src/kudu/util/curl_util.cc File be/src/kudu/util/curl_util.cc: http://gerrit.cloudera.org:8080/#/c/19503/1/be/src/kudu/util/curl_util.cc@122 PS1, Line 122: CHECK_EQ > You could check the definition of those two macros -- it could make it clea Thanks for that explanation. I switched to CURL_RETURN_NOT_OK. http://gerrit.cloudera.org:8080/#/c/19503/1/be/src/util/jwt-util-internal.h File be/src/util/jwt-util-internal.h: http://gerrit.cloudera.org:8080/#/c/19503/1/be/src/util/jwt-util-internal.h@374 PS1, Line 374: of certs > OK, great. So, maybe then update the comment to make it more specific what I had updated the comment with my previous patch set. Do you have any specific additional information you want to see? http://gerrit.cloudera.org:8080/#/c/19503/7/fe/src/test/java/org/apache/impala/testutil/X509CertChain.java File fe/src/test/java/org/apache/impala/testutil/X509CertChain.java: PS7: > Just curious: any specific reason for bringing in BouncyCastle in addition Yeah, the JDK built-in classes define the interfaces/classes to provide a structure for managing X509 certificates and RSA private keys. Bouncycastle provides the implementation that does the actual certificate signing and private key generation. Bouncycastle and this class are both only used in unit tests. -- To view, visit http://gerrit.cloudera.org:8080/19503 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: Impala-ASF Gerrit-Branch: master Gerrit-MessageType: comment Gerrit-Change-Id: I5f1e887fae39b5fb82fa9a40352e4b507b7d8d35 Gerrit-Change-Number: 19503 Gerrit-PatchSet: 7 Gerrit-Owner: Jason Fehr <[email protected]> Gerrit-Reviewer: Abhishek Rawat <[email protected]> Gerrit-Reviewer: Alexey Serbin <[email protected]> Gerrit-Reviewer: Andrew Sherman <[email protected]> Gerrit-Reviewer: Impala Public Jenkins <[email protected]> Gerrit-Reviewer: Jason Fehr <[email protected]> Gerrit-Reviewer: Wenzhe Zhou <[email protected]> Gerrit-Comment-Date: Wed, 22 Feb 2023 18:16:08 +0000 Gerrit-HasComments: Yes
