Sailesh Mukil has uploaded this change for review. ( http://gerrit.cloudera.org:8080/8595
Change subject: KUDU-2220: GetEndOfChainX509 does not return end-user cert ...................................................................... KUDU-2220: GetEndOfChainX509 does not return end-user cert KUDU-2091 introduced a function GetEndOfChainX509() which was supposed to return the "end-user" certificate. However, the end-user certificate is not at the end of the chain, but rather at the beginning of the chain as specificed by the RFC: https://tools.ietf.org/html/rfc5246#section-7.4.2 | This is a sequence (chain) of certificates. The sender's certificate MUST | come first in the list. Each following certificate MUST directly certify | the one preceding it. This patch fixes this by changing the GetEndOfChainX509() to GetTopOfChainX509(). An existing test is modified to test this patch. It does not pass without this change. Change-Id: I0e3f913259ec4c855ff211726fa6ecea94d328e7 --- M src/kudu/rpc/rpc-test.cc M src/kudu/security/ca/cert_management.cc M src/kudu/security/cert.cc M src/kudu/security/cert.h M src/kudu/security/test/test_certs.cc M src/kudu/security/tls_context.cc M src/kudu/security/tls_handshake.cc 7 files changed, 65 insertions(+), 22 deletions(-) git pull ssh://gerrit.cloudera.org:29418/kudu refs/changes/95/8595/1 -- To view, visit http://gerrit.cloudera.org:8080/8595 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: kudu Gerrit-Branch: master Gerrit-MessageType: newchange Gerrit-Change-Id: I0e3f913259ec4c855ff211726fa6ecea94d328e7 Gerrit-Change-Number: 8595 Gerrit-PatchSet: 1 Gerrit-Owner: Sailesh Mukil <sail...@cloudera.com>