You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@impala.apache.org by kw...@apache.org on 2017/08/31 04:29:26 UTC
[11/12] incubator-impala git commit: IMPALA-5816: xfail wildcard TLS
cert tests
IMPALA-5816: xfail wildcard TLS cert tests
Wildcard support is not uniform across all platforms that Impala is
tested on. This patch xfails the wildcard tests in test_client_ssl.
A follow-up change will generate certificates on a per-host basis, which
should allow compatible wildcard certs to be generated for all platforms.
Change-Id: I86148739aa1c66c817eed8b727f68cfc08c178ed
Reviewed-on: http://gerrit.cloudera.org:8080/7908
Reviewed-by: Sailesh Mukil <sa...@cloudera.com>
Tested-by: Impala Public Jenkins
Project: http://git-wip-us.apache.org/repos/asf/incubator-impala/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-impala/commit/c163ac14
Tree: http://git-wip-us.apache.org/repos/asf/incubator-impala/tree/c163ac14
Diff: http://git-wip-us.apache.org/repos/asf/incubator-impala/diff/c163ac14
Branch: refs/heads/master
Commit: c163ac1468e4d878c3516ec933c69fb66851af01
Parents: 3a41c21
Author: Henry Robinson <he...@cloudera.com>
Authored: Wed Aug 30 15:17:47 2017 -0700
Committer: Impala Public Jenkins <im...@gerrit.cloudera.org>
Committed: Thu Aug 31 02:50:16 2017 +0000
----------------------------------------------------------------------
tests/custom_cluster/test_client_ssl.py | 11 +++++++----
1 file changed, 7 insertions(+), 4 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-impala/blob/c163ac14/tests/custom_cluster/test_client_ssl.py
----------------------------------------------------------------------
diff --git a/tests/custom_cluster/test_client_ssl.py b/tests/custom_cluster/test_client_ssl.py
index 487b802..b9b2096 100644
--- a/tests/custom_cluster/test_client_ssl.py
+++ b/tests/custom_cluster/test_client_ssl.py
@@ -111,10 +111,11 @@ class TestClientSsl(CustomClusterTestSuite):
# Test that the shell can connect to a TLS1.2 only cluster, and for good measure
# restrict the cipher suite to just one choice.
- TLS_V12_ARGS = ("--ssl_server_certificate=%s/wildcard-cert.pem "
- "--ssl_private_key=%s/wildcard-cert.key "
+ TLS_V12_ARGS = ("--ssl_client_ca_certificate=%s/server-cert.pem "
+ "--ssl_server_certificate=%s/server-cert.pem "
+ "--ssl_private_key=%s/server-key.pem "
+ "--hostname=localhost " # Required to match hostname in certificate"
"--ssl_minimum_version=tlsv1.2 "
- "--ssl_client_ca_certificate=%s/wildcardCA.pem "
"--ssl_cipher_list=AES128-GCM-SHA256 "
% (CERT_DIR, CERT_DIR, CERT_DIR))
@@ -124,13 +125,14 @@ class TestClientSsl(CustomClusterTestSuite):
catalogd_args=TLS_V12_ARGS)
@pytest.mark.skipif(HAS_LEGACY_OPENSSL, reason=SKIP_SSL_MSG)
def test_tls_v12(self, vector):
- self._validate_positive_cases("%s/wildcardCA.pem" % self.CERT_DIR)
+ self._validate_positive_cases("%s/server-cert.pem" % self.CERT_DIR)
@pytest.mark.execute_serially
@CustomClusterTestSuite.with_args(impalad_args=SSL_WILDCARD_ARGS,
statestored_args=SSL_WILDCARD_ARGS,
catalogd_args=SSL_WILDCARD_ARGS)
@pytest.mark.skipif(HAS_LEGACY_OPENSSL, reason=SKIP_SSL_MSG)
+ @pytest.mark.xfail(run=True, reason="Inconsistent wildcard support on target platforms")
def test_wildcard_ssl(self, vector):
""" Test for IMPALA-3159: Test with a certificate which has a wildcard for the
CommonName.
@@ -144,6 +146,7 @@ class TestClientSsl(CustomClusterTestSuite):
statestored_args=SSL_WILDCARD_SAN_ARGS,
catalogd_args=SSL_WILDCARD_SAN_ARGS)
@pytest.mark.skipif(HAS_LEGACY_OPENSSL, reason=SKIP_SSL_MSG)
+ @pytest.mark.xfail(run=True, reason="Inconsistent wildcard support on target platforms")
def test_wildcard_san_ssl(self, vector):
""" Test for IMPALA-3159: Test with a certificate which has a wildcard as a SAN. """