[jira] [Commented] (KUDU-2220) GetEndOfChainX509 does not return end-user cert

2017-11-21 Thread Sailesh Mukil (JIRA) 

[ 
https://issues.apache.org/jira/browse/KUDU-2220?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16261326#comment-16261326
 ] 

Sailesh Mukil commented on KUDU-2220:
-

Commit in:
https://github.com/apache/kudu/commit/3e59fd7b14b4a2ba2846621df04093cce9024688

> GetEndOfChainX509 does not return end-user cert
> ---
>
> Key: KUDU-2220
> URL: https://issues.apache.org/jira/browse/KUDU-2220
> Project: Kudu
>  Issue Type: Bug
>  Components: security
>Affects Versions: 1.5.0
>Reporter: Sailesh Mukil
>Assignee: Sailesh Mukil
> Fix For: 1.6.0
>
>
> KUDU-2091 introduced a function GetEndOfChainX509() which was supposed to 
> return the "end-user" certificate. However, the end-user certificate is not 
> at the end of the chain, but rather at the beginning of the chain as 
> specificed by the RFC:
> https://tools.ietf.org/html/rfc5246#section-7.4.2
> {quote}This is a sequence (chain) of certificates.  The sender's certificate 
> MUST come first in the list.  Each following certificate MUST directly 
> certify the one preceding it.{quote}



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Commented] (KUDU-2220) GetEndOfChainX509 does not return end-user cert

2017-11-20 Thread Sailesh Mukil (JIRA) 

[ 
https://issues.apache.org/jira/browse/KUDU-2220?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16259553#comment-16259553
 ] 

Sailesh Mukil commented on KUDU-2220:
-

Patch out for review:
https://gerrit.cloudera.org/#/c/8595/

> GetEndOfChainX509 does not return end-user cert
> ---
>
> Key: KUDU-2220
> URL: https://issues.apache.org/jira/browse/KUDU-2220
> Project: Kudu
>  Issue Type: Bug
>  Components: security
>Affects Versions: 1.5.0
>Reporter: Sailesh Mukil
>Assignee: Sailesh Mukil
>
> KUDU-2091 introduced a function GetEndOfChainX509() which was supposed to 
> return the "end-user" certificate. However, the end-user certificate is not 
> at the end of the chain, but rather at the beginning of the chain as 
> specificed by the RFC:
> https://tools.ietf.org/html/rfc5246#section-7.4.2
> {quote}This is a sequence (chain) of certificates.  The sender's certificate 
> MUST come first in the list.  Each following certificate MUST directly 
> certify the one preceding it.{quote}



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)