Alexey Serbin has submitted this change and it was merged. ( http://gerrit.cloudera.org:8080/20076 )
Change subject: [rpc] clean up JWT-related client-side negotiation code ...................................................................... [rpc] clean up JWT-related client-side negotiation code Since now there is an API to add a trusted TLS certificate into the chain of trusted certificates of a Kudu C++ client application, the test-only flag --jwt_client_require_trusted_tls_cert is no longer needed. This patch removes the flag along with corresponding test scenario. Correspondingly, the client now verifies the server's TLS certificate during TLS handshake since there isn't a case when a client would send out its JWT to a server it doesn't trust once the --jwt_client_require_trusted_tls_cert test-only flag is removed. This patch also adds an extra logging about a connection negotiation condition when the client has a JWT, but it doesn't trust the server's TLS certificate. In addition, I took the liberty of removing a few TODOs related to KUDU-1921 since the referred functionality has already been implemented. Change-Id: I85574ed05396fcf3740d9d068afa524cf125f5ff Reviewed-on: http://gerrit.cloudera.org:8080/20076 Reviewed-by: Attila Bukor <[email protected]> Tested-by: Kudu Jenkins --- M src/kudu/integration-tests/security-itest.cc M src/kudu/rpc/client_negotiation.cc 2 files changed, 27 insertions(+), 49 deletions(-) Approvals: Attila Bukor: Looks good to me, approved Kudu Jenkins: Verified -- To view, visit http://gerrit.cloudera.org:8080/20076 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: kudu Gerrit-Branch: master Gerrit-MessageType: merged Gerrit-Change-Id: I85574ed05396fcf3740d9d068afa524cf125f5ff Gerrit-Change-Number: 20076 Gerrit-PatchSet: 3 Gerrit-Owner: Alexey Serbin <[email protected]> Gerrit-Reviewer: Alexey Serbin <[email protected]> Gerrit-Reviewer: Attila Bukor <[email protected]> Gerrit-Reviewer: Kudu Jenkins (120) Gerrit-Reviewer: Zoltan Chovan <[email protected]>
