Zoltan Chovan has posted comments on this change. ( http://gerrit.cloudera.org:8080/19709 )
Change subject: [jwt] Verify JWKS URL server TLS certificate by default ...................................................................... Patch Set 6: (3 comments) http://gerrit.cloudera.org:8080/#/c/19709/5/src/kudu/integration-tests/security-itest.cc File src/kudu/integration-tests/security-itest.cc: http://gerrit.cloudera.org:8080/#/c/19709/5/src/kudu/integration-tests/security-itest.cc@552 PS5, Line 552: const auto configure_builder_for = > nit: looks like the indentation got misaligned. Done http://gerrit.cloudera.org:8080/#/c/19709/5/src/kudu/integration-tests/security-itest.cc@631 PS5, Line 631: ca_certificate_file = kudu::security::kCaExpiredCert; > It's the certificate_file (and the corresponding private_key_file) that sho if the ca_cert is expired, then there is no trust that would be able to verify the server certificate, making the setup invalid http://gerrit.cloudera.org:8080/#/c/19709/5/src/kudu/integration-tests/security-itest.cc@694 PS5, Line 694: cluster_opts_.extra_master_flags.push_back("--jwks_verify_server_certificate=true"); > Is this necessary? Isn't this the default value? Also, can you remove the n okay, added an explanation comment to clear it up, for readability -- To view, visit http://gerrit.cloudera.org:8080/19709 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: kudu Gerrit-Branch: master Gerrit-MessageType: comment Gerrit-Change-Id: I0fd7b53d651786bbe57642dd14cd477055b80c78 Gerrit-Change-Number: 19709 Gerrit-PatchSet: 6 Gerrit-Owner: Zoltan Chovan <[email protected]> Gerrit-Reviewer: Abhishek Chennaka <[email protected]> Gerrit-Reviewer: Alexey Serbin <[email protected]> Gerrit-Reviewer: Attila Bukor <[email protected]> Gerrit-Reviewer: Kudu Jenkins (120) Gerrit-Reviewer: Wenzhe Zhou <[email protected]> Gerrit-Reviewer: Zoltan Chovan <[email protected]> Gerrit-Comment-Date: Thu, 13 Apr 2023 21:51:31 +0000 Gerrit-HasComments: Yes
