Dan Burkert has posted comments on this change. ( http://gerrit.cloudera.org:8080/9934 )

Change subject: KUDU-2401: External TLS certificate with Intermediate CA in server cert file fails
......................................................................


Patch Set 1:

(2 comments)

http://gerrit.cloudera.org:8080/#/c/9934/1/src/kudu/security/tls_context.cc
File src/kudu/security/tls_context.cc:

http://gerrit.cloudera.org:8080/#/c/9934/1/src/kudu/security/tls_context.cc@197
PS1, Line 197:     for (int i = 0; i < cert.chain_len(); ++i) {
I pretty much completely paged these APIs out so I started looking through the man pages again, so maybe this is a dumb suggestion, but did you try passing the stack to the original X509_STORE_CTX_init call? I tried it out, and it appears to pass the new tests:

    OPENSSL_RET_NOT_OK(X509_STORE_CTX_init(store_ctx.get(), store, cert.GetTopOfChainX509(), cert.GetRawData()),
                       "could not init X509_STORE_CTX");
    int rc = X509_verify_cert(store_ctx.get());


http://gerrit.cloudera.org:8080/#/c/9934/1/src/kudu/security/tls_context.cc@201
PS1, Line 201:       if (rc == 1) break;
add braces around if block here and below.


--
To view, visit http://gerrit.cloudera.org:8080/9934
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-MessageType: comment
Gerrit-Change-Id: If4af35e97ec6f91c1d9ed902128bd7f4e260f0f4
Gerrit-Change-Number: 9934
Gerrit-PatchSet: 1
Gerrit-Owner: Sailesh Mukil <[email protected]>
Gerrit-Reviewer: Alexey Serbin <[email protected]>
Gerrit-Reviewer: Dan Burkert <[email protected]>
Gerrit-Reviewer: Kudu Jenkins
Gerrit-Reviewer: Lars Volker <[email protected]>
Gerrit-Reviewer: Sailesh Mukil <[email protected]>
Gerrit-Reviewer: Todd Lipcon <[email protected]>
Gerrit-Comment-Date: Thu, 05 Apr 2018 20:10:38 +0000
Gerrit-HasComments: Yes
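
The failure in the change subject and the fix suggested in the comment above can be reproduced with the `openssl` command line. This is an added example, not part of the review or of Kudu: `openssl verify -untrusted` supplies extra chain-building certificates in the same role as the fourth argument of `X509_STORE_CTX_init`. All function names, file names and subjects are assumptions, and the certificates are constructed throwaway ones.

```shell
# Added example: constructed throwaway certificates; all names are assumptions.
mkcsr() {  # mkcsr <name> <CN>: new RSA key and CSR, using a minimal local config
  openssl req -new -newkey rsa:2048 -nodes -config req.cnf -subj "/CN=$2" \
    -keyout "$1.key" -out "$1.csr" >/dev/null 2>&1
}

sign() {  # sign <name> <x509 signing options...>: turn <name>.csr into <name>.pem
  name=$1; shift
  openssl x509 -req -in "$name.csr" -days 1 -out "$name.pem" "$@" >/dev/null 2>&1
}

# make_chain <dir>: root -> intermediate -> leaf; server.pem = leaf + intermediate,
# the layout of a server cert file that carries its intermediate CA.
make_chain() (
  cd "$1" || exit 1
  printf '[req]\ndistinguished_name=dn\nprompt=no\n[dn]\nCN=unused\n' > req.cnf
  printf 'basicConstraints=critical,CA:TRUE\n' > ca.ext
  mkcsr root "Demo Root" && mkcsr int "Demo Intermediate" && mkcsr leaf "demo.server" &&
  sign root -signkey root.key -extfile ca.ext &&
  sign int -CA root.pem -CAkey root.key -CAcreateserial -extfile ca.ext &&
  sign leaf -CA int.pem -CAkey int.key -CAcreateserial &&
  cat leaf.pem int.pem > server.pem
)

# verify_server_cert <root.pem> <server.pem> <leaf-only|with-chain>
# Succeeds only if openssl reports the certificate as OK against the root.
verify_server_cert() {
  if [ "$3" = with-chain ]; then
    # Every certificate in the server file is offered as an untrusted
    # chain-building candidate, so the intermediate links the leaf to the root.
    openssl verify -CAfile "$1" -untrusted "$2" "$2" 2>/dev/null | grep -q ': OK$'
  else
    # Only the first certificate in the file is checked; the intermediate
    # that follows it is ignored, so no path to the root can be built.
    openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
  fi
}

demo_dir=$(mktemp -d)
if make_chain "$demo_dir"; then
  for mode in leaf-only with-chain; do
    if verify_server_cert "$demo_dir/root.pem" "$demo_dir/server.pem" "$mode"; then
      echo "$mode: verified"
    else
      echo "$mode: rejected"
    fi
  done
fi
rm -rf "$demo_dir"
```

The intermediate is never added to the trust store in either mode; it only helps build the path, and trust still ends at the root.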
