Hello Zoltan Chovan, Attila Bukor, Kudu Jenkins,
I'd like you to reexamine a change. Please visit
http://gerrit.cloudera.org:8080/20076
to look at the new patch set (#2).
Change subject: [rpc] clean up JWT-related client-side negotiation code
......................................................................
[rpc] clean up JWT-related client-side negotiation code
Since now there is an API to add a trusted TLS certificate into the
chain of trusted certificates of a Kudu C++ client application, the
test-only flag --jwt_client_require_trusted_tls_cert is no longer
needed. This patch removes the flag along with corresponding
test scenario. Correspondingly, the client now verifies the server's
TLS certificate during TLS handshake since there isn't a case when
a client would send out its JWT to a server it doesn't trust once
the --jwt_client_require_trusted_tls_cert test-only flag is removed.
This patch also adds an extra logging about a connection negotiation
condition when the client has a JWT, but it doesn't trust the server's
TLS certificate.
In addition, I took the liberty of removing a few TODOs related to
KUDU-1921 since the referred functionality has already been implemented.
Change-Id: I85574ed05396fcf3740d9d068afa524cf125f5ff
---
M src/kudu/integration-tests/security-itest.cc
M src/kudu/rpc/client_negotiation.cc
2 files changed, 27 insertions(+), 49 deletions(-)
git pull ssh://gerrit.cloudera.org:29418/kudu refs/changes/76/20076/2
--
To view, visit http://gerrit.cloudera.org:8080/20076
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings
Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-MessageType: newpatchset
Gerrit-Change-Id: I85574ed05396fcf3740d9d068afa524cf125f5ff
Gerrit-Change-Number: 20076
Gerrit-PatchSet: 2
Gerrit-Owner: Alexey Serbin <[email protected]>
Gerrit-Reviewer: Attila Bukor <[email protected]>
Gerrit-Reviewer: Kudu Jenkins (120)
Gerrit-Reviewer: Zoltan Chovan <[email protected]>
