You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@kudu.apache.org by "Sailesh Mukil (JIRA)" <ji...@apache.org> on 2017/11/19 22:48:01 UTC

[jira] [Created] (KUDU-2220) GetEndOfChainX509 does not return end-user cert

Sailesh Mukil created KUDU-2220:
-----------------------------------

             Summary: GetEndOfChainX509 does not return end-user cert
                 Key: KUDU-2220
                 URL: https://issues.apache.org/jira/browse/KUDU-2220
             Project: Kudu
          Issue Type: Bug
          Components: security
    Affects Versions: 1.5.0
            Reporter: Sailesh Mukil
            Assignee: Sailesh Mukil


KUDU-2091 introduced a function GetEndOfChainX509() which was supposed to return the "end-user" certificate. However, the end-user certificate is not at the end of the chain, but rather at the beginning of the chain as specificed by the RFC:

https://tools.ietf.org/html/rfc5246#section-7.4.2

{quote}This is a sequence (chain) of certificates.  The sender's certificate MUST come first in the list.  Each following certificate MUST directly certify the one preceding it.{quote}



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)