Uploaded image for project: 'IMPALA'
  1. IMPALA
  2. IMPALA-2567 KRPC milestone 1
  3. IMPALA-6172

KRPC w/ TLS doesn't work on remote clusters after rebase

    XMLWordPrintableJSON

Details

    • ghx-label-8

    Description

      It looks like depending on who initializes OpenSSL (KRPC or us), the behavior changes. After some cherry-picks, we're unable to run Impala on remote clusters with TLS with certain certificate types.

      We get the following when we use intermediate CAs:

      "F1108 10:47:36.532202 93303 impalad-main.cc:79] Could not build messenger: Runtime error: certificate does not match private key: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch:x509_cmp.c:331"

      And we get the following when we use self-signed certificates:
      "self signed certificate in certificate chain"

      Attachments

        Issue Links

          is duplicated by

          Bug - A problem which impairs or prevents the functions of the product. KUDU-2220 GetEndOfChainX509 does not return end-user cert

          • Major - Major loss of function.
          • Resolved

          Activity

            People

              sailesh Sailesh Mukil
              sailesh Sailesh Mukil
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: