You are viewing a plain text version of this content. The canonical link for it is here.

Posted to reviews@impala.apache.org by "Michael Ho (Code Review)" <ge...@cloudera.org> on 2017/08/20 01:11:40 UTC

[Impala-ASF-CR] KUDU-1929: [rpc] Allow using encrypted private keys for TLS

Hello Sailesh Mukil, Kudu Jenkins,

I'd like you to do a code review.  Please visit

    http://gerrit.cloudera.org:8080/7741

to review the following change.

Change subject: KUDU-1929: [rpc] Allow using encrypted private keys for TLS
......................................................................

KUDU-1929: [rpc] Allow using encrypted private keys for TLS

* This patch adds a new flag for a "password command" for the RPC
  private key.

 * This also makes the webserver move to using the new function
   GetPasswordFromShellCommand().

 * This also consolidates certificates from security-test-util into
   security/tests/test_certs

Testing: Adds 2 tests. One to verify that RPCs work when providing
the right password for password protected private keys, and one to
verify that the Messenger does not startup if the wrong password
is provided when using a password protected private key.

Change-Id: Ifd6369581fa426ceab11e4a10441658c7da47e81
Reviewed-on: http://gerrit.cloudera.org:8080/6635
Tested-by: Kudu Jenkins
Reviewed-by: Sailesh Mukil <sa...@cloudera.com>
---
M be/src/kudu/rpc/messenger.cc
M be/src/kudu/rpc/rpc-test.cc
M be/src/kudu/security/crypto.cc
M be/src/kudu/security/crypto.h
M be/src/kudu/security/openssl_util.cc
M be/src/kudu/security/openssl_util.h
M be/src/kudu/security/openssl_util_bio.h
M be/src/kudu/security/security-test-util.cc
M be/src/kudu/security/security-test-util.h
M be/src/kudu/security/test/test_certs.cc
M be/src/kudu/security/test/test_certs.h
M be/src/kudu/security/tls_context.cc
M be/src/kudu/security/tls_context.h
13 files changed, 329 insertions(+), 144 deletions(-)


  git pull ssh://gerrit.cloudera.org:29418/Impala-ASF refs/changes/41/7741/1
-- 
To view, visit http://gerrit.cloudera.org:8080/7741
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: Ifd6369581fa426ceab11e4a10441658c7da47e81
Gerrit-PatchSet: 1
Gerrit-Project: Impala-ASF
Gerrit-Branch: master
Gerrit-Owner: Michael Ho <kw...@cloudera.com>
Gerrit-Reviewer: Kudu Jenkins
Gerrit-Reviewer: Sailesh Mukil <sa...@cloudera.com>

[Impala-ASF-CR] KUDU-1929: [rpc] Allow using encrypted private keys for TLS

Posted by "Michael Ho (Code Review)" <ge...@cloudera.org>.

Michael Ho has posted comments on this change.

Change subject: KUDU-1929: [rpc] Allow using encrypted private keys for TLS
......................................................................


Patch Set 1:

The merge of this patch is clean for all files in the be/src/kudu directory.

-- 
To view, visit http://gerrit.cloudera.org:8080/7741
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-MessageType: comment
Gerrit-Change-Id: Ifd6369581fa426ceab11e4a10441658c7da47e81
Gerrit-PatchSet: 1
Gerrit-Project: Impala-ASF
Gerrit-Branch: master
Gerrit-Owner: Michael Ho <kw...@cloudera.com>
Gerrit-Reviewer: Kudu Jenkins
Gerrit-Reviewer: Michael Ho <kw...@cloudera.com>
Gerrit-Reviewer: Sailesh Mukil <sa...@cloudera.com>
Gerrit-HasComments: No

[Impala-ASF-CR] KUDU-1929: [rpc] Allow using encrypted private keys for TLS

Posted by "Impala Public Jenkins (Code Review)" <ge...@cloudera.org>.

Impala Public Jenkins has posted comments on this change.

Change subject: KUDU-1929: [rpc] Allow using encrypted private keys for TLS
......................................................................


Patch Set 2:

Build started: https://jenkins.impala.io/job/gerrit-verify-dryrun/1157/

-- 
To view, visit http://gerrit.cloudera.org:8080/7741
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-MessageType: comment
Gerrit-Change-Id: Ifd6369581fa426ceab11e4a10441658c7da47e81
Gerrit-PatchSet: 2
Gerrit-Project: Impala-ASF
Gerrit-Branch: master
Gerrit-Owner: Michael Ho <kw...@cloudera.com>
Gerrit-Reviewer: Impala Public Jenkins
Gerrit-Reviewer: Kudu Jenkins
Gerrit-Reviewer: Michael Ho <kw...@cloudera.com>
Gerrit-Reviewer: Sailesh Mukil <sa...@cloudera.com>
Gerrit-HasComments: No

[Impala-ASF-CR] KUDU-1929: [rpc] Allow using encrypted private keys for TLS

Posted by "Michael Ho (Code Review)" <ge...@cloudera.org>.

Hello Sailesh Mukil, Kudu Jenkins,

I'd like you to reexamine a change.  Please visit

    http://gerrit.cloudera.org:8080/7741

to look at the new patch set (#2).

Change subject: KUDU-1929: [rpc] Allow using encrypted private keys for TLS
......................................................................

KUDU-1929: [rpc] Allow using encrypted private keys for TLS

* This patch adds a new flag for a "password command" for the RPC
  private key.

 * This also makes the webserver move to using the new function
   GetPasswordFromShellCommand().

 * This also consolidates certificates from security-test-util into
   security/tests/test_certs

Testing: Adds 2 tests. One to verify that RPCs work when providing
the right password for password protected private keys, and one to
verify that the Messenger does not startup if the wrong password
is provided when using a password protected private key.

Change-Id: Ifd6369581fa426ceab11e4a10441658c7da47e81
Reviewed-on: http://gerrit.cloudera.org:8080/6635
Tested-by: Kudu Jenkins
Reviewed-by: Sailesh Mukil <sa...@cloudera.com>
---
M be/src/kudu/rpc/messenger.cc
M be/src/kudu/rpc/rpc-test.cc
M be/src/kudu/security/crypto.cc
M be/src/kudu/security/crypto.h
M be/src/kudu/security/openssl_util.cc
M be/src/kudu/security/openssl_util.h
M be/src/kudu/security/openssl_util_bio.h
M be/src/kudu/security/security-test-util.cc
M be/src/kudu/security/security-test-util.h
M be/src/kudu/security/test/test_certs.cc
M be/src/kudu/security/test/test_certs.h
M be/src/kudu/security/tls_context.cc
M be/src/kudu/security/tls_context.h
13 files changed, 329 insertions(+), 144 deletions(-)


  git pull ssh://gerrit.cloudera.org:29418/Impala-ASF refs/changes/41/7741/2
-- 
To view, visit http://gerrit.cloudera.org:8080/7741
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-MessageType: newpatchset
Gerrit-Change-Id: Ifd6369581fa426ceab11e4a10441658c7da47e81
Gerrit-PatchSet: 2
Gerrit-Project: Impala-ASF
Gerrit-Branch: master
Gerrit-Owner: Michael Ho <kw...@cloudera.com>
Gerrit-Reviewer: Kudu Jenkins
Gerrit-Reviewer: Michael Ho <kw...@cloudera.com>
Gerrit-Reviewer: Sailesh Mukil <sa...@cloudera.com>

[Impala-ASF-CR] KUDU-1929: [rpc] Allow using encrypted private keys for TLS

Posted by "Impala Public Jenkins (Code Review)" <ge...@cloudera.org>.

Impala Public Jenkins has submitted this change and it was merged.

Change subject: KUDU-1929: [rpc] Allow using encrypted private keys for TLS
......................................................................


KUDU-1929: [rpc] Allow using encrypted private keys for TLS

* This patch adds a new flag for a "password command" for the RPC
  private key.

 * This also makes the webserver move to using the new function
   GetPasswordFromShellCommand().

 * This also consolidates certificates from security-test-util into
   security/tests/test_certs

Testing: Adds 2 tests. One to verify that RPCs work when providing
the right password for password protected private keys, and one to
verify that the Messenger does not startup if the wrong password
is provided when using a password protected private key.

Change-Id: Ifd6369581fa426ceab11e4a10441658c7da47e81
Reviewed-on: http://gerrit.cloudera.org:8080/6635
Tested-by: Kudu Jenkins
Reviewed-by: Sailesh Mukil <sa...@cloudera.com>
Reviewed-on: http://gerrit.cloudera.org:8080/7741
Reviewed-by: Michael Ho <kw...@cloudera.com>
Tested-by: Impala Public Jenkins
---
M be/src/kudu/rpc/messenger.cc
M be/src/kudu/rpc/rpc-test.cc
M be/src/kudu/security/crypto.cc
M be/src/kudu/security/crypto.h
M be/src/kudu/security/openssl_util.cc
M be/src/kudu/security/openssl_util.h
M be/src/kudu/security/openssl_util_bio.h
M be/src/kudu/security/security-test-util.cc
M be/src/kudu/security/security-test-util.h
M be/src/kudu/security/test/test_certs.cc
M be/src/kudu/security/test/test_certs.h
M be/src/kudu/security/tls_context.cc
M be/src/kudu/security/tls_context.h
13 files changed, 329 insertions(+), 144 deletions(-)

Approvals:
  Impala Public Jenkins: Verified
  Michael Ho: Looks good to me, approved



-- 
To view, visit http://gerrit.cloudera.org:8080/7741
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: Ifd6369581fa426ceab11e4a10441658c7da47e81
Gerrit-PatchSet: 3
Gerrit-Project: Impala-ASF
Gerrit-Branch: master
Gerrit-Owner: Michael Ho <kw...@cloudera.com>
Gerrit-Reviewer: Impala Public Jenkins
Gerrit-Reviewer: Kudu Jenkins
Gerrit-Reviewer: Michael Ho <kw...@cloudera.com>
Gerrit-Reviewer: Sailesh Mukil <sa...@cloudera.com>

[Impala-ASF-CR] KUDU-1929: [rpc] Allow using encrypted private keys for TLS

Posted by "Impala Public Jenkins (Code Review)" <ge...@cloudera.org>.

Impala Public Jenkins has posted comments on this change.

Change subject: KUDU-1929: [rpc] Allow using encrypted private keys for TLS
......................................................................


Patch Set 2: Verified+1

-- 
To view, visit http://gerrit.cloudera.org:8080/7741
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-MessageType: comment
Gerrit-Change-Id: Ifd6369581fa426ceab11e4a10441658c7da47e81
Gerrit-PatchSet: 2
Gerrit-Project: Impala-ASF
Gerrit-Branch: master
Gerrit-Owner: Michael Ho <kw...@cloudera.com>
Gerrit-Reviewer: Impala Public Jenkins
Gerrit-Reviewer: Kudu Jenkins
Gerrit-Reviewer: Michael Ho <kw...@cloudera.com>
Gerrit-Reviewer: Sailesh Mukil <sa...@cloudera.com>
Gerrit-HasComments: No

[Impala-ASF-CR] KUDU-1929: [rpc] Allow using encrypted private keys for TLS

Posted by "Sailesh Mukil (Code Review)" <ge...@cloudera.org>.

Sailesh Mukil has posted comments on this change.

Change subject: KUDU-1929: [rpc] Allow using encrypted private keys for TLS
......................................................................


Patch Set 1: Code-Review+2

-- 
To view, visit http://gerrit.cloudera.org:8080/7741
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-MessageType: comment
Gerrit-Change-Id: Ifd6369581fa426ceab11e4a10441658c7da47e81
Gerrit-PatchSet: 1
Gerrit-Project: Impala-ASF
Gerrit-Branch: master
Gerrit-Owner: Michael Ho <kw...@cloudera.com>
Gerrit-Reviewer: Kudu Jenkins
Gerrit-Reviewer: Michael Ho <kw...@cloudera.com>
Gerrit-Reviewer: Sailesh Mukil <sa...@cloudera.com>
Gerrit-HasComments: No

[Impala-ASF-CR] KUDU-1929: [rpc] Allow using encrypted private keys for TLS

Posted by "Michael Ho (Code Review)" <ge...@cloudera.org>.

Michael Ho has posted comments on this change.

Change subject: KUDU-1929: [rpc] Allow using encrypted private keys for TLS
......................................................................


Patch Set 2: Code-Review+2

Carry +2

-- 
To view, visit http://gerrit.cloudera.org:8080/7741
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-MessageType: comment
Gerrit-Change-Id: Ifd6369581fa426ceab11e4a10441658c7da47e81
Gerrit-PatchSet: 2
Gerrit-Project: Impala-ASF
Gerrit-Branch: master
Gerrit-Owner: Michael Ho <kw...@cloudera.com>
Gerrit-Reviewer: Kudu Jenkins
Gerrit-Reviewer: Michael Ho <kw...@cloudera.com>
Gerrit-Reviewer: Sailesh Mukil <sa...@cloudera.com>
Gerrit-HasComments: No