Hello Dan Burkert, Kudu Jenkins, I'd like you to do a code review. Please visit
http://gerrit.cloudera.org:8080/6805 to review the following change. Change subject: KUDU-1981 Kudu should run at hosts len(FQDN) > 64 ...................................................................... KUDU-1981 Kudu should run at hosts len(FQDN) > 64 This is a fix for KUDU-1981: with security enabled, Kudu servers cannot start at machines with len(FQDN) > 64. Prior to this fix, the host FQDN was put into the CSR's CN (common name) field while generating self-signed certificate for server RPC messenger. Per RFC5280, the CN field cannot contain strings longer than 64 characters long, and it seems OpenSSL enforces that limit as required. The idea is to put FQDNs into the SAN X509v3 extension field as 'DNS' fields. That makes it possible to have names in the SAN which are even longer than 255 characters. This patch returns back a part of the SAN-related functionality which had been implemented initially in cert_management.cc and then removed since it was not used back then. This patch also adds a couple of unit tests to cover the new functionality and to make sure it's possible to set CN field of CSR to 64-chars length value and have corresponding X509 certificate generated with no issues. Change-Id: Ie142e76e9b2dcef3e07dd33d82b6758c746ced19 Reviewed-on: http://gerrit.cloudera.org:8080/6734 Tested-by: Kudu Jenkins Reviewed-by: Dan Burkert <danburk...@apache.org> (cherry picked from commit eccafbcfbd41324164f7df10219a2b9c3d161269) --- M src/kudu/integration-tests/master_cert_authority-itest.cc M src/kudu/security/ca/cert_management-test.cc M src/kudu/security/ca/cert_management.cc M src/kudu/security/ca/cert_management.h M src/kudu/security/cert-test.cc M src/kudu/security/cert.cc M src/kudu/security/cert.h M src/kudu/security/test/test_certs.cc M src/kudu/security/test/test_certs.h M src/kudu/security/tls_context.cc 10 files changed, 232 insertions(+), 74 deletions(-) git pull ssh://gerrit.cloudera.org:29418/kudu refs/changes/05/6805/1 -- To view, visit http://gerrit.cloudera.org:8080/6805 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-MessageType: newchange Gerrit-Change-Id: Ie142e76e9b2dcef3e07dd33d82b6758c746ced19 Gerrit-PatchSet: 1 Gerrit-Project: kudu Gerrit-Branch: branch-1.3.x Gerrit-Owner: Alexey Serbin <aser...@cloudera.com> Gerrit-Reviewer: Dan Burkert <danburk...@apache.org> Gerrit-Reviewer: Kudu Jenkins