[ https://issues.apache.org/jira/browse/YARN-8448?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16648434#comment-16648434 ]

Haibo Chen commented on YARN-8448:
----------------------------------

For the ProxyCA related changes, I have a few questions/comments.

1)  In the host verifier, do the peer certificates come in any order? Right 
now the code assumes that the 1st one is always signed by the ca cert.

2)  Add @VisibleForTesting to getCaCert and getCaKeyPair?

3)  KeyPairGenerator is created locally. Is there a security reason not to 
reuse KeyPairGenerator?

4)  In the custom X509TrustManager, how would the defaultTrustManager verify 
the identity of the AM?

5)  testCreateTrustManager() seems to have a lot of cases. Failing one would 
cause the following ones not to be executed. Can we split it into a few 
separate methods? Likewise for testCreateHostnameVerifier.

> AM HTTPS Support
> ----------------
>
>                 Key: YARN-8448
>                 URL: https://issues.apache.org/jira/browse/YARN-8448
>             Project: Hadoop YARN
>          Issue Type: Sub-task
>            Reporter: Robert Kanter
>            Assignee: Robert Kanter
>            Priority: Major
>         Attachments: YARN-8448.001.patch, YARN-8448.002.patch, 
> YARN-8448.003.patch, YARN-8448.004.patch, YARN-8448.005.patch, 
> YARN-8448.006.patch, YARN-8448.007.patch, YARN-8448.008.patch
>
>



