[KUDU-3014] Java client doesn't verify channel bindings during connection negotiation - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 1.3.0, 1.3.1, 1.4.0, 1.5.0, 1.6.0, 1.7.0, 1.8.0, 1.7.1, 1.9.0, 1.10.0, 1.11.0
Fix Version/s: 1.10.1, 1.11.1
Component/s: client, java
Labels:
None

Target Version/s:

1.10.1, 1.11.1

Description

When negotiating a secure connection with a server (master or tablet server), Kudu Java client doesn't verify the channel binding information against the TLS certificate presented by the server.

Kudos to Andy Singer for pointing to the bug.

Attachments

Activity

People

Assignee:: Unassigned

Reporter:: Alexey Serbin

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 05/Dec/19 05:11

Updated:: 05/Dec/19 05:13

Resolved:: 05/Dec/19 05:13