[jira] [Commented] (KUDU-2220) GetEndOfChainX509 does not return end-user cert
[ https://issues.apache.org/jira/browse/KUDU-2220?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16261326#comment-16261326 ] Sailesh Mukil commented on KUDU-2220: - Commit in: https://github.com/apache/kudu/commit/3e59fd7b14b4a2ba2846621df04093cce9024688 > GetEndOfChainX509 does not return end-user cert > --- > > Key: KUDU-2220 > URL: https://issues.apache.org/jira/browse/KUDU-2220 > Project: Kudu > Issue Type: Bug > Components: security >Affects Versions: 1.5.0 >Reporter: Sailesh Mukil >Assignee: Sailesh Mukil > Fix For: 1.6.0 > > > KUDU-2091 introduced a function GetEndOfChainX509() which was supposed to > return the "end-user" certificate. However, the end-user certificate is not > at the end of the chain, but rather at the beginning of the chain as > specificed by the RFC: > https://tools.ietf.org/html/rfc5246#section-7.4.2 > {quote}This is a sequence (chain) of certificates. The sender's certificate > MUST come first in the list. Each following certificate MUST directly > certify the one preceding it.{quote} -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Commented] (KUDU-2220) GetEndOfChainX509 does not return end-user cert
[ https://issues.apache.org/jira/browse/KUDU-2220?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16259553#comment-16259553 ] Sailesh Mukil commented on KUDU-2220: - Patch out for review: https://gerrit.cloudera.org/#/c/8595/ > GetEndOfChainX509 does not return end-user cert > --- > > Key: KUDU-2220 > URL: https://issues.apache.org/jira/browse/KUDU-2220 > Project: Kudu > Issue Type: Bug > Components: security >Affects Versions: 1.5.0 >Reporter: Sailesh Mukil >Assignee: Sailesh Mukil > > KUDU-2091 introduced a function GetEndOfChainX509() which was supposed to > return the "end-user" certificate. However, the end-user certificate is not > at the end of the chain, but rather at the beginning of the chain as > specificed by the RFC: > https://tools.ietf.org/html/rfc5246#section-7.4.2 > {quote}This is a sequence (chain) of certificates. The sender's certificate > MUST come first in the list. Each following certificate MUST directly > certify the one preceding it.{quote} -- This message was sent by Atlassian JIRA (v6.4.14#64029)