Hello Todd Lipcon, Alexey Serbin, Kudu Jenkins, I'd like you to reexamine a change. Please visit
http://gerrit.cloudera.org:8080/5884 to look at the new patch set (#6). Change subject: [security] add channel binding to krpc ...................................................................... [security] add channel binding to krpc Channel binding prevents a MITM attack when using unauthenticated TLS with Kerberos. The channel binding codepath is exercised by the existing TLS + GSSAPI negotiation test, but I'm punting on testing that it protects against a MITM for now. Change-Id: Id73fceebfcb47c881c30f6904cfd6fc6d80f50b8 --- M docs/design-docs/rpc.md M src/kudu/rpc/client_negotiation.cc M src/kudu/rpc/client_negotiation.h M src/kudu/rpc/rpc_header.proto M src/kudu/rpc/sasl_common.cc M src/kudu/rpc/sasl_common.h M src/kudu/rpc/server_negotiation.cc M src/kudu/rpc/server_negotiation.h M src/kudu/security/ca/cert_management.cc M src/kudu/security/cert.cc M src/kudu/security/cert.h M src/kudu/security/openssl_util.cc M src/kudu/security/openssl_util.h M src/kudu/security/tls_handshake.cc M src/kudu/security/tls_socket.cc M src/kudu/security/tls_socket.h M src/kudu/util/status.cc 17 files changed, 369 insertions(+), 65 deletions(-) git pull ssh://gerrit.cloudera.org:29418/kudu refs/changes/84/5884/6 -- To view, visit http://gerrit.cloudera.org:8080/5884 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-MessageType: newpatchset Gerrit-Change-Id: Id73fceebfcb47c881c30f6904cfd6fc6d80f50b8 Gerrit-PatchSet: 6 Gerrit-Project: kudu Gerrit-Branch: master Gerrit-Owner: Dan Burkert <danburk...@apache.org> Gerrit-Reviewer: Alexey Serbin <aser...@cloudera.com> Gerrit-Reviewer: Dan Burkert <danburk...@apache.org> Gerrit-Reviewer: Kudu Jenkins Gerrit-Reviewer: Tidy Bot Gerrit-Reviewer: Todd Lipcon <t...@apache.org>