Dan Burkert has posted comments on this change. Change subject: [security] generate self-signed certs on server startup ......................................................................
Patch Set 4: (9 comments) It looks like the leak that's causing asan test failures may be internal to OpenSSL. I'm still investigating. http://gerrit.cloudera.org:8080/#/c/5955/1/src/kudu/integration-tests/registration-test.cc File src/kudu/integration-tests/registration-test.cc: Line 206: AssertEventually([&](){ > error: incomplete definition of type 'const security::TlsContext' [clang-di Done http://gerrit.cloudera.org:8080/#/c/5955/1/src/kudu/security/ca/cert_management.h File src/kudu/security/ca/cert_management.h: Line 158: // Generate a self-signed certificate using the given key and CSR > warning: missing username/bug in TODO [google-readability-todo] Done http://gerrit.cloudera.org:8080/#/c/5955/1/src/kudu/security/tls_context.cc File src/kudu/security/tls_context.cc: Line 205: csr_ = std::move(csr); > warning: don't use else after return [readability-else-after-return] Done PS1, Line 210: > nit: consider dropping 'Signed' since we don't have non-signed ones. Signed here means it must not be self-signed. PS1, Line 230: > nit: drop this Done PS1, Line 241: > nit: drop this Done PS1, Line 243: // This should never fail sin > nit: probably, this is just debug log, i.e. use VLOG() or something Done PS1, Line 261: UseCertificateAndKey(c, k > Does this work for intermediate CA certs? Good point - I'll drop the 'Root'. http://gerrit.cloudera.org:8080/#/c/5955/1/src/kudu/security/tls_handshake-test.cc File src/kudu/security/tls_handshake-test.cc: Line 59: expected_status(std::move(expected_status_)) { > warning: value argument 'expected_status_' can be moved to avoid copy [misc Done -- To view, visit http://gerrit.cloudera.org:8080/5955 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-MessageType: comment Gerrit-Change-Id: Ie785cc80d1cd8275defa3987f8e2a3bbcae02622 Gerrit-PatchSet: 4 Gerrit-Project: kudu Gerrit-Branch: master Gerrit-Owner: Dan Burkert <danburk...@apache.org> Gerrit-Reviewer: Alexey Serbin <aser...@cloudera.com> Gerrit-Reviewer: Dan Burkert <danburk...@apache.org> Gerrit-Reviewer: Kudu Jenkins Gerrit-Reviewer: Tidy Bot Gerrit-Reviewer: Todd Lipcon <t...@apache.org> Gerrit-HasComments: Yes