Sailesh Mukil has posted comments on this change. ( http://gerrit.cloudera.org:8080/9934 )
Change subject: KUDU-2401: External TLS certificate with Intermediate CA in server cert file fails ...................................................................... Patch Set 3: (4 comments) http://gerrit.cloudera.org:8080/#/c/9934/1//COMMIT_MSG Commit Message: http://gerrit.cloudera.org:8080/#/c/9934/1//COMMIT_MSG@11 PS1, Line 11: cert.pem has 2 certificates in it: > I couldn't find any documentation on whether this is allowed or not. On the Mike Yoder commented on the JIRA saying that this should be supported, so I'm willing to take his word on that. http://gerrit.cloudera.org:8080/#/c/9934/1//COMMIT_MSG@28 PS1, Line 28: TODO: Add a test case that has multiple intermediate CAs. Right now we're testing : with only one in > nit: remove Done http://gerrit.cloudera.org:8080/#/c/9934/1/src/kudu/security/test/test_certs.h File src/kudu/security/test/test_certs.h: http://gerrit.cloudera.org:8080/#/c/9934/1/src/kudu/security/test/test_certs.h@78 PS1, Line 78: // Same as the CreateTestSSLCertWithPlainKey() except that the 'cert_file' is > ca_cert_file is also different between the two. See my comment in the cc fi Done http://gerrit.cloudera.org:8080/#/c/9934/1/src/kudu/security/test/test_certs.cc File src/kudu/security/test/test_certs.cc: http://gerrit.cloudera.org:8080/#/c/9934/1/src/kudu/security/test/test_certs.cc@766 PS1, Line 766: // The kRootCaCert contains only the rootCA. > Maybe you could add some ascii-art to outline how these are signed and dist Done. I can work on adding a 4th cert, but that would require a regeneration of these certs, which can take sometime. I'll try to add it on as a following test case in a separate patch in the interest of time. -- To view, visit http://gerrit.cloudera.org:8080/9934 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: kudu Gerrit-Branch: master Gerrit-MessageType: comment Gerrit-Change-Id: If4af35e97ec6f91c1d9ed902128bd7f4e260f0f4 Gerrit-Change-Number: 9934 Gerrit-PatchSet: 3 Gerrit-Owner: Sailesh Mukil <sail...@cloudera.com> Gerrit-Reviewer: Alexey Serbin <aser...@cloudera.com> Gerrit-Reviewer: Dan Burkert <danburk...@apache.org> Gerrit-Reviewer: Kudu Jenkins Gerrit-Reviewer: Lars Volker <l...@cloudera.com> Gerrit-Reviewer: Sailesh Mukil <sail...@cloudera.com> Gerrit-Comment-Date: Thu, 05 Apr 2018 22:15:19 +0000 Gerrit-HasComments: Yes
