[kudu-CR] IPKI: master CA should verify x509 attributes before signing certs

Todd Lipcon (Code Review) Wed, 22 Feb 2017 20:01:12 -0800

Todd Lipcon has submitted this change and it was merged.

Change subject: IPKI: master CA should verify x509 attributes before signing 
certs
......................................................................



IPKI: master CA should verify x509 attributes before signing certs

This makes the master verify that the attributes stored in the X509 CSR
match the authenticated user's credentials.

Change-Id: I390e113220302dec335afc38d05d2ea73c965ba6
Reviewed-on: http://gerrit.cloudera.org:8080/6118
Tested-by: Kudu Jenkins
Reviewed-by: Alexey Serbin <[email protected]>
---
M src/kudu/integration-tests/master_cert_authority-itest.cc
M src/kudu/master/master_cert_authority.cc
M src/kudu/master/master_cert_authority.h
M src/kudu/master/master_service.cc
M src/kudu/rpc/negotiation-test.cc
M src/kudu/rpc/remote_user.cc
M src/kudu/rpc/remote_user.h
7 files changed, 100 insertions(+), 46 deletions(-)

Approvals:
  Alexey Serbin: Looks good to me, approved
  Kudu Jenkins: Verified



-- 
To view, visit http://gerrit.cloudera.org:8080/6118
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: I390e113220302dec335afc38d05d2ea73c965ba6
Gerrit-PatchSet: 4
Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-Owner: Todd Lipcon <[email protected]>
Gerrit-Reviewer: Alexey Serbin <[email protected]>
Gerrit-Reviewer: Dan Burkert <[email protected]>
Gerrit-Reviewer: Kudu Jenkins
Gerrit-Reviewer: Tidy Bot
Gerrit-Reviewer: Todd Lipcon <[email protected]>

[kudu-CR] IPKI: master CA should verify x509 attributes before signing certs

Reply via email to