Attila Bukor has posted comments on this change. ( http://gerrit.cloudera.org:8080/19709 )
Change subject: [jwt] Verify JWKS URL server TLS certificate by default ...................................................................... Patch Set 2: (5 comments) http://gerrit.cloudera.org:8080/#/c/19709/2/src/kudu/server/server_base.cc File src/kudu/server/server_base.cc: http://gerrit.cloudera.org:8080/#/c/19709/2/src/kudu/server/server_base.cc@285 PS2, Line 285: TAG_FLAG(jwks_verify_server_certificate, experimental); how about tagging this as unsafe instead of experimental? http://gerrit.cloudera.org:8080/#/c/19709/1/src/kudu/util/curl_util.cc File src/kudu/util/curl_util.cc: http://gerrit.cloudera.org:8080/#/c/19709/1/src/kudu/util/curl_util.cc@168 PS1, Line 168: L_RETURN_NOT_OK(curl_easy_seto > We still use this flag, but pass the flag as parameter to this class to mak That is a good point, but I think it's outside the scope of this change as it's an existing flag. Maybe a follow-up change could address this. http://gerrit.cloudera.org:8080/#/c/19709/2/src/kudu/util/curl_util.cc File src/kudu/util/curl_util.cc: PS2: What are these changes for? Are these needed/relevant? http://gerrit.cloudera.org:8080/#/c/19709/2/src/kudu/util/jwt-util-internal.h File src/kudu/util/jwt-util-internal.h: http://gerrit.cloudera.org:8080/#/c/19709/2/src/kudu/util/jwt-util-internal.h@371 PS2, Line 371: std::string jwks_ca_certificate_; Is this still used? http://gerrit.cloudera.org:8080/#/c/19709/2/src/kudu/util/jwt-util-test.cc File src/kudu/util/jwt-util-test.cc: http://gerrit.cloudera.org:8080/#/c/19709/2/src/kudu/util/jwt-util-test.cc@950 PS2, Line 950: false nit: prepend with comment here and below -- To view, visit http://gerrit.cloudera.org:8080/19709 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: kudu Gerrit-Branch: master Gerrit-MessageType: comment Gerrit-Change-Id: I0fd7b53d651786bbe57642dd14cd477055b80c78 Gerrit-Change-Number: 19709 Gerrit-PatchSet: 2 Gerrit-Owner: Zoltan Chovan <[email protected]> Gerrit-Reviewer: Alexey Serbin <[email protected]> Gerrit-Reviewer: Attila Bukor <[email protected]> Gerrit-Reviewer: Kudu Jenkins (120) Gerrit-Reviewer: Wenzhe Zhou <[email protected]> Gerrit-Reviewer: Zoltan Chovan <[email protected]> Gerrit-Comment-Date: Wed, 12 Apr 2023 07:15:07 +0000 Gerrit-HasComments: Yes
