Alexey Serbin has posted comments on this change. ( http://gerrit.cloudera.org:8080/19503 )
Change subject: IMPALA-11922 Verify JWKS URL server TLS certificate by default.
......................................................................

Patch Set 10: Code-Review+1

(2 comments)

LGTM

http://gerrit.cloudera.org:8080/#/c/19503/1/be/src/util/jwt-util-internal.h
File be/src/util/jwt-util-internal.h:

http://gerrit.cloudera.org:8080/#/c/19503/1/be/src/util/jwt-util-internal.h@374
PS1, Line 374: of certs
> I had updated the comment with my previous patch set. Do you have any spec
Ah, I guess the idea was to indicate that the certificates in the bundle are used to verify the TLS certificate of the JWKS server, but if the current version looks good enough and non-ambiguous to you, then no need to update.

http://gerrit.cloudera.org:8080/#/c/19503/7/fe/src/test/java/org/apache/impala/testutil/X509CertChain.java
File fe/src/test/java/org/apache/impala/testutil/X509CertChain.java:

PS7:
> Yeah, the JDK built-in classes define the interfaces/classes to provide a s
Ah, sure -- I meant relying on SunJSSE/SunJCE providers would be something I expected to see, but BC is an option as well. Was just curious why BC is the preferred provider.

--
To view, visit http://gerrit.cloudera.org:8080/19503
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-Project: Impala-ASF
Gerrit-Branch: master
Gerrit-MessageType: comment
Gerrit-Change-Id: I5f1e887fae39b5fb82fa9a40352e4b507b7d8d35
Gerrit-Change-Number: 19503
Gerrit-PatchSet: 10
Gerrit-Owner: Jason Fehr <[email protected]>
Gerrit-Reviewer: Abhishek Rawat <[email protected]>
Gerrit-Reviewer: Alexey Serbin <[email protected]>
Gerrit-Reviewer: Andrew Sherman <[email protected]>
Gerrit-Reviewer: Impala Public Jenkins <[email protected]>
Gerrit-Reviewer: Jason Fehr <[email protected]>
Gerrit-Reviewer: Wenzhe Zhou <[email protected]>
Gerrit-Comment-Date: Thu, 23 Feb 2023 02:19:33 +0000
Gerrit-HasComments: Yes
