Todd Lipcon has posted comments on this change.

Change subject: java: implement Channel Bindings
......................................................................

Patch Set 1:

(4 comments)

http://gerrit.cloudera.org:8080/#/c/5953/1/java/kudu-client/src/main/java/org/apache/kudu/client/Negotiator.java
File java/kudu-client/src/main/java/org/apache/kudu/client/Negotiator.java:

Line 267: if ("GSSAPI".equals(clientMech)) {
> This needs to be predicated on TLS as well.

done, actually had to pull this bit into the previous patch -- as soon as we added TLS, the server wouldn't allow us to use TLS+GSSAPI without auth-int.

Line 339: if (certs.length > 0) {
> I think this check is unnecessary, and in fact we would want it to throw if

yea, I agree with our chosen cipher suites we'd always have a cert, but kept the check and made it throw

Line 434: throw new RuntimeException("invalid channel bindings provided by remote peer");
> May want to log a warning like on the C++ side.

the C++ side is more noisy about logging exceptions during negotiation - pretty sure this would already get logged, based on what I see in unit tests.

http://gerrit.cloudera.org:8080/#/c/5953/1/java/kudu-client/src/main/java/org/apache/kudu/util/SecurityUtil.java
File java/kudu-client/src/main/java/org/apache/kudu/util/SecurityUtil.java:

Line 72: // The above list is exhaustive as of JDK7's implementation of
> and JDK8, it appears. https://docs.oracle.com/javase/8/docs/technotes/guid

Done

--
To view, visit http://gerrit.cloudera.org:8080/5953
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-MessageType: comment
Gerrit-Change-Id: I8b604ea6a0cff55820f7fbbb3ba4beba3a888a48
Gerrit-PatchSet: 1
Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-Owner: Todd Lipcon <[email protected]>
Gerrit-Reviewer: Alexey Serbin <[email protected]>
Gerrit-Reviewer: Dan Burkert <[email protected]>
Gerrit-Reviewer: Jean-Daniel Cryans <[email protected]>
Gerrit-Reviewer: Kudu Jenkins
Gerrit-Reviewer: Todd Lipcon <[email protected]>
Gerrit-HasComments: Yes
