Sailesh Mukil created KUDU-2220: ----------------------------------- Summary: GetEndOfChainX509 does not return end-user cert Key: KUDU-2220 URL: https://issues.apache.org/jira/browse/KUDU-2220 Project: Kudu Issue Type: Bug Components: security Affects Versions: 1.5.0 Reporter: Sailesh Mukil Assignee: Sailesh Mukil
KUDU-2091 introduced a function GetEndOfChainX509() which was supposed to return the "end-user" certificate. However, the end-user certificate is not at the end of the chain, but rather at the beginning of the chain as specificed by the RFC: https://tools.ietf.org/html/rfc5246#section-7.4.2 {quote}This is a sequence (chain) of certificates. The sender's certificate MUST come first in the list. Each following certificate MUST directly certify the one preceding it.{quote} -- This message was sent by Atlassian JIRA (v6.4.14#64029)