[kudu-CR] [security] add channel binding to krpc

[Dan Burkert (Code Review)]

Hello Todd Lipcon, Alexey Serbin, Kudu Jenkins,

I'd like you to reexamine a change.  Please visit

    http://gerrit.cloudera.org:8080/5884

to look at the new patch set (#6).

Change subject: [security] add channel binding to krpc
......................................................................

[security] add channel binding to krpc

Channel binding prevents a MITM attack when using unauthenticated TLS
with Kerberos. The channel binding codepath is exercised by the existing
TLS + GSSAPI negotiation test, but I'm punting on testing that it
protects against a MITM for now.

Change-Id: Id73fceebfcb47c881c30f6904cfd6fc6d80f50b8
---
M docs/design-docs/rpc.md
M src/kudu/rpc/client_negotiation.cc
M src/kudu/rpc/client_negotiation.h
M src/kudu/rpc/rpc_header.proto
M src/kudu/rpc/sasl_common.cc
M src/kudu/rpc/sasl_common.h
M src/kudu/rpc/server_negotiation.cc
M src/kudu/rpc/server_negotiation.h
M src/kudu/security/ca/cert_management.cc
M src/kudu/security/cert.cc
M src/kudu/security/cert.h
M src/kudu/security/openssl_util.cc
M src/kudu/security/openssl_util.h
M src/kudu/security/tls_handshake.cc
M src/kudu/security/tls_socket.cc
M src/kudu/security/tls_socket.h
M src/kudu/util/status.cc
17 files changed, 369 insertions(+), 65 deletions(-)


  git pull ssh://gerrit.cloudera.org:29418/kudu refs/changes/84/5884/6
-- 
To view, visit http://gerrit.cloudera.org:8080/5884
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-MessageType: newpatchset
Gerrit-Change-Id: Id73fceebfcb47c881c30f6904cfd6fc6d80f50b8
Gerrit-PatchSet: 6
Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-Owner: Dan Burkert <danburk...@apache.org>
Gerrit-Reviewer: Alexey Serbin <aser...@cloudera.com>
Gerrit-Reviewer: Dan Burkert <danburk...@apache.org>
Gerrit-Reviewer: Kudu Jenkins
Gerrit-Reviewer: Tidy Bot
Gerrit-Reviewer: Todd Lipcon <t...@apache.org>