Todd Lipcon has posted comments on this change. Change subject: KUDU-1965: Allow user provided TLS certificates to work with KRPC ......................................................................
Patch Set 3: (1 comment) http://gerrit.cloudera.org:8080/#/c/6555/3/src/kudu/rpc/server_negotiation.cc File src/kudu/rpc/server_negotiation.cc: Line 629: if (!cert.is_user_provided()) { > You're right. I did something silly while testing which gave me false posit I guess it depends how we configure the handshake from the server side. Currently Kudu isn't doing hostname verification at all for our certs. I suppose Impala would need to configure it to do so. As of right now, the code's commented out though (I thought you mentioned you were working on making this configurable) -- To view, visit http://gerrit.cloudera.org:8080/6555 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-MessageType: comment Gerrit-Change-Id: Ica6e2bacb378553723467f0dc54a166885db1e4d Gerrit-PatchSet: 3 Gerrit-Project: kudu Gerrit-Branch: master Gerrit-Owner: Sailesh Mukil <sail...@cloudera.com> Gerrit-Reviewer: Alexey Serbin <aser...@cloudera.com> Gerrit-Reviewer: Dan Burkert <danburk...@apache.org> Gerrit-Reviewer: Kudu Jenkins Gerrit-Reviewer: Sailesh Mukil <sail...@cloudera.com> Gerrit-Reviewer: Todd Lipcon <t...@apache.org> Gerrit-HasComments: Yes
