Alexey Serbin has posted comments on this change. Change subject: webserver: improve SSL certificate handling ......................................................................
Patch Set 4: (7 comments) http://gerrit.cloudera.org:8080/#/c/5015/3/src/kudu/server/webserver.cc File src/kudu/server/webserver.cc: PS3, Line 165: asswo nit: may be ? http://gerrit.cloudera.org:8080/#/c/5015/3/src/kudu/server/webserver_options.cc File src/kudu/server/webserver_options.cc: PS3, Line 56: debug What is 'debug webserver's SSL certificate file'? PS3, Line 56: .pem PEM PS3, Line 59: --ssl_server_certificate --webserver_certificate_file ? PS3, Line 60: this option must be set as well. I might miss it, but I didn't see this was enforced. PS3, Line 60: --ssl_server_certificate --webserver_certificate_file http://gerrit.cloudera.org:8080/#/c/5015/4/src/kudu/util/curl_util.cc File src/kudu/util/curl_util.cc: PS4, Line 71: CURLOPT_SSL_VERIFYPEER This is just to verify the cert chain, right? What about verifying the hostname of the server (cert subj/alt. subj)? Does it make sense to enable to set CURLOPT_SSL_VERIFYHOST if CURLOPT_SSL_VERIFYPEER is set to 1? -- To view, visit http://gerrit.cloudera.org:8080/5015 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-MessageType: comment Gerrit-Change-Id: I4b508cebbe6f31556e6d5a5fba5e5e9fb44cf1b9 Gerrit-PatchSet: 4 Gerrit-Project: kudu Gerrit-Branch: master Gerrit-Owner: Todd Lipcon <[email protected]> Gerrit-Reviewer: Adar Dembo <[email protected]> Gerrit-Reviewer: Alexey Serbin <[email protected]> Gerrit-Reviewer: Dan Burkert <[email protected]> Gerrit-Reviewer: Kudu Jenkins Gerrit-Reviewer: Todd Lipcon <[email protected]> Gerrit-HasComments: Yes
