[ https://issues.apache.org/jira/browse/IMPALA-6172?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Sailesh Mukil resolved IMPALA-6172. ----------------------------------- Resolution: Fixed Fix Version/s: Impala 2.11.0 Commit in: https://github.com/apache/incubator-impala/commit/32baa695f499a936b72c5a51ae3649c408aa5a85 > KRPC w/ TLS doesn't work on remote clusters after rebase > -------------------------------------------------------- > > Key: IMPALA-6172 > URL: https://issues.apache.org/jira/browse/IMPALA-6172 > Project: IMPALA > Issue Type: Sub-task > Components: Security > Reporter: Sailesh Mukil > Assignee: Sailesh Mukil > Priority: Blocker > Labels: broken-build, security > Fix For: Impala 2.11.0 > > > It looks like depending on who initializes OpenSSL (KRPC or us), the behavior > changes. After some cherry-picks, we're unable to run Impala on remote > clusters with TLS with certain certificate types. > We get the following when we use intermediate CAs: > {code:java} > "F1108 10:47:36.532202 93303 impalad-main.cc:79] Could not build messenger: > Runtime error: certificate does not match private key: error:0B080074:x509 > certificate routines:X509_check_private_key:key values > mismatch:x509_cmp.c:331" > {code} > And we get the following when we use self-signed certificates: > "self signed certificate in certificate chain" -- This message was sent by Atlassian JIRA (v6.4.14#64029)