Uploaded image for project: 'IMPALA'
  1. IMPALA
  2. IMPALA-2567 KRPC milestone 1
  3. IMPALA-6172

KRPC w/ TLS doesn't work on remote clusters after rebase

    Details

    • Epic Color:
      ghx-label-8

      Description

      It looks like depending on who initializes OpenSSL (KRPC or us), the behavior changes. After some cherry-picks, we're unable to run Impala on remote clusters with TLS with certain certificate types.

      We get the following when we use intermediate CAs:

      "F1108 10:47:36.532202 93303 impalad-main.cc:79] Could not build messenger: Runtime error: certificate does not match private key: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch:x509_cmp.c:331"
      

      And we get the following when we use self-signed certificates:
      "self signed certificate in certificate chain"

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                sailesh Sailesh Mukil
                Reporter:
                sailesh Sailesh Mukil
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: