You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues-all@impala.apache.org by "Jason Fehr (Jira)" <ji...@apache.org> on 2023/05/30 14:27:00 UTC
[jira] [Updated] (IMPALA-11922) Add Startup Flag to Select TLS Certificate Verification on JWKS URL
[ https://issues.apache.org/jira/browse/IMPALA-11922?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jason Fehr updated IMPALA-11922:
--------------------------------
Fix Version/s: Impala 4.3.0
> Add Startup Flag to Select TLS Certificate Verification on JWKS URL
> -------------------------------------------------------------------
>
> Key: IMPALA-11922
> URL: https://issues.apache.org/jira/browse/IMPALA-11922
> Project: IMPALA
> Issue Type: New Feature
> Components: Backend, Security
> Reporter: Jason Fehr
> Assignee: Jason Fehr
> Priority: Major
> Fix For: Impala 4.3.0
>
>
> When JWT authentication is configured and the "jwks_url" startup flag is specified, Impala is not verifying the JWKS server's TLS certificate.
> [https://github.com/apache/impala/blob/e17fd9a0d5428306dfa41a041a44c800824d72f6/be/src/util/jwt-util.cc#L557]
> Add a new startup flag that enables the user to select whether or not they wish to verify the JWKS server's TLS certificate. Default this option to verifying the certificate. *This is a breaking change as current behavior skips TLS certificate verifications.*
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-all-unsubscribe@impala.apache.org
For additional commands, e-mail: issues-all-help@impala.apache.org