[jira] [Commented] (ARROW-10105) [FlightRPC] Add client option to disable certificate validation with TLS

Tue, 06 Oct 2020 10:44:25 -0700 


    [ 
https://issues.apache.org/jira/browse/ARROW-10105?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17208994#comment-17208994
 ] 

James Duong commented on ARROW-10105:
-------------------------------------

Update - I was able to get gRPC 1.32 to build on CentOSs 5. In 1.32, they 
essentially collapsed the logic that was for manylinux1 into the regular Linux 
case, but this seems to cause build failures on CentOS5 in practice.

I've reproduced the macro definitions that were used for manylinux1 prior to 
1.32 and now gRPC compiles.
What fails now is when linking libarrow_flight.so:
ImportError: /arrow/python/pyarrow/libarrow_flight.so.200: undefined symbol: 
_ZN3re23RE2C1ERKSs
When demangled this is
ImportError: /arrow/python/pyarrow/libarrow_flight.so.200: undefined symbol: 
re2::RE2::RE2(std::string const&)

gRPC 1.32 added a dependency on RE2. I've added RE2 to Flight's CMakeLists, but 
that hasn't fixed this problem.
https://github.com/apache/arrow/blob/8ce02f7d5bd8d7cb732406af26bdc3b94333381b/cpp/src/arrow/flight/CMakeLists.txt#L23

I am also not understanding why the Ursa builds do not seem to get gRPC 1.32.

> [FlightRPC] Add client option to disable certificate validation with TLS
> ------------------------------------------------------------------------
>
>                 Key: ARROW-10105
>                 URL: https://issues.apache.org/jira/browse/ARROW-10105
>             Project: Apache Arrow
>          Issue Type: New Feature
>          Components: C++, FlightRPC, Java, Python
>            Reporter: James Duong
>            Assignee: James Duong
>            Priority: Major
>              Labels: pull-request-available
>             Fix For: 2.0.0
>
>          Time Spent: 1h 50m
>  Remaining Estimate: 0h
>
> Users of Flight may want to disable certificate validation if they want to 
> only use encryption. A use case might be that the Flight server uses a 
> self-signed certificate and doesn't distribute a certificate for clients to 
> use.
> This feature would be to add an explicit option to FlightClient.Builder to 
> disable certificate validation. Note that this should not happen implicitly 
> if a client uses a TLS location, but does not set a certificate. The client 
> should explicitly set this option so that they are fully aware that they are 
> making a connection with reduced security.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Reply via email to