Sailesh Mukil has posted comments on this change.

Change subject: KUDU-1965: Allow user provided TLS certificates to work with KRPC
......................................................................

Patch Set 3:

(1 comment)

http://gerrit.cloudera.org:8080/#/c/6555/3/src/kudu/rpc/server_negotiation.cc
File src/kudu/rpc/server_negotiation.cc:

Line 629: if (!cert.is_user_provided()) {
> I don't see how this could work -- GetRemoteCert is coming off the TLS hand

You're right. I did something silly while testing which gave me false positive results. Looks like having this flag in TlsContext would be best.

However, why do the hostname verification check for host based PKI? Wouldn't that already happen in the SSL handshake layer?

--
To view, visit http://gerrit.cloudera.org:8080/6555
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-MessageType: comment
Gerrit-Change-Id: Ica6e2bacb378553723467f0dc54a166885db1e4d
Gerrit-PatchSet: 3
Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-Owner: Sailesh Mukil <[email protected]>
Gerrit-Reviewer: Alexey Serbin <[email protected]>
Gerrit-Reviewer: Dan Burkert <[email protected]>
Gerrit-Reviewer: Kudu Jenkins
Gerrit-Reviewer: Sailesh Mukil <[email protected]>
Gerrit-Reviewer: Todd Lipcon <[email protected]>
Gerrit-HasComments: Yes
