Uploaded image for project: 'Kudu'
  1. Kudu
  2. KUDU-3014

Java client doesn't verify channel bindings during connection negotiation

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 1.3.0, 1.3.1, 1.4.0, 1.5.0, 1.6.0, 1.7.0, 1.8.0, 1.7.1, 1.9.0, 1.10.0, 1.11.0
    • Fix Version/s: 1.10.1, 1.11.1
    • Component/s: client, java
    • Labels:
      None

      Description

      When negotiating a secure connection with a server (master or tablet server), Kudu Java client doesn't verify the channel binding information against the TLS certificate presented by the server.

      Kudos to Andy Singer for pointing to the bug.

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              aserbin Alexey Serbin
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: