Uploaded image for project: 'Kudu'
  1. Kudu
  2. KUDU-2220

GetEndOfChainX509 does not return end-user cert

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • 1.5.0
    • 1.6.0
    • security
    • None

    Description

      KUDU-2091 introduced a function GetEndOfChainX509() which was supposed to return the "end-user" certificate. However, the end-user certificate is not at the end of the chain, but rather at the beginning of the chain as specificed by the RFC:

      https://tools.ietf.org/html/rfc5246#section-7.4.2

      This is a sequence (chain) of certificates. The sender's certificate MUST come first in the list. Each following certificate MUST directly certify the one preceding it.

      Attachments

        Issue Links

          duplicates

          Sub-task - The sub-task of the issue IMPALA-6172 KRPC w/ TLS doesn't work on remote clusters after rebase

          • Blocker - Blocks development and/or testing work, production could not run
          • Resolved

          Activity

            People

              sailesh Sailesh Mukil
              sailesh Sailesh Mukil
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: