[IMPALA-6172] KRPC w/ TLS doesn't work on remote clusters after rebase - ASF JIRA

Attach files

Attach Screenshot

Voters

Watch issue

Watchers

Link

Clone

Update Comment Author

Replace String in Comment

Update Comment Visibility

Delete Comments

XML

Word

Printable

JSON

Details

Type: Sub-task
Status: Resolved
Priority: Blocker
Resolution: Fixed
Affects Version/s: None
Fix Version/s: Impala 2.11.0
Component/s: Security
Labels:
- broken-build
- security

Epic Color:
ghx-label-8

Description

It looks like depending on who initializes OpenSSL (KRPC or us), the behavior changes. After some cherry-picks, we're unable to run Impala on remote clusters with TLS with certain certificate types.

We get the following when we use intermediate CAs:

"F1108 10:47:36.532202 93303 impalad-main.cc:79] Could not build messenger: Runtime error: certificate does not match private key: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch:x509_cmp.c:331"

And we get the following when we use self-signed certificates:
"self signed certificate in certificate chain"

Attachments

Issue Links

Add Link

is duplicated by

KUDU-2220 GetEndOfChainX509 does not return end-user cert

Resolved

Delete this link

Activity

Comment

This comment will be Viewable by All Users Viewable by All Users

Cancel

People

Assignee:: Sailesh Mukil

Reporter:: Sailesh Mukil

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 08/Nov/17 21:48

Updated:: 22/Nov/17 00:43

Resolved:: 22/Nov/17 00:43

Agile

View on Board

KRPC w/ TLS doesn't work on remote clusters after rebase

Details

Description

Attachments

Attachments

Issue Links

Activity

People

Dates

Agile

Slack

Issue deployment