Posted to reviews@kudu.apache.org by "Alexey Serbin (Code Review)" <ge...@cloudera.org> on 2016/11/03 07:23:43 UTC

[kudu-CR] [security] added TlsServer and TlsClient wrappers

Alexey Serbin has uploaded a new change for review.

  http://gerrit.cloudera.org:8080/4926

Change subject: [security] added TlsServer and TlsClient wrappers
......................................................................

[security] added TlsServer and TlsClient wrappers

Added TlsServer and TlsClient classes as wrappers for
'openssl s_server' and 'openssl s_client' correspondingly.
The wrapper classes can be used in unit tests which verify whether
the generated certificates used by the reference SSL/TLS server
can be successfully validated by the reference SSL/TLS client.
Multiple certificate properties of the generated certificates can
be verified/tested: expiration date, non-matching signature of the
server certificate, matching DNS and IP parameters in the X509v3 SAN
extension (Subject Alternative Name) against the actual DNS name and
IP address of the server, etc.

Change-Id: I80b5e636e0dbe028b9e8262ced0a4a1607ffd239
---
M src/kudu/security/CMakeLists.txt
A src/kudu/security/tls_client.cc
A src/kudu/security/tls_client.h
A src/kudu/security/tls_client_server-test.cc
A src/kudu/security/tls_server.cc
A src/kudu/security/tls_server.h
6 files changed, 643 insertions(+), 0 deletions(-)


  git pull ssh://gerrit.cloudera.org:29418/kudu refs/changes/26/4926/1
-- 
To view, visit http://gerrit.cloudera.org:8080/4926
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I80b5e636e0dbe028b9e8262ced0a4a1607ffd239
Gerrit-PatchSet: 1
Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-Owner: Alexey Serbin <as...@cloudera.com>
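
The certificate properties the commit message lists (expiration, a non-matching signature, DNS and IP entries in the SAN) can also be checked offline with `openssl verify`, used here in place of an `openssl s_server`/`openssl s_client` pair. This is an added example, not code from the Kudu change; the CA and server names, SAN values and validity periods are constructed, and an OpenSSL 1.1.0 or later CLI is assumed.

```shell
#!/bin/sh
# Added example; every name, SAN value and validity period here is constructed.
# Assumes the OpenSSL 1.1.0+ command-line tool is on PATH.

# make_pki DIR: create a test CA, a second CA with the same subject but a
# different key, and a server certificate signed by the first CA whose SAN
# carries one DNS name and one IP address.
make_pki() {
  dir=$1
  for name in ca other; do
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=test-ca" \
      -keyout "$dir/$name.key" -out "$dir/$name.pem" 2>/dev/null || return 1
  done
  printf 'subjectAltName=DNS:server.test,IP:127.0.0.1\n' > "$dir/san.cnf"
  openssl req -newkey rsa:2048 -nodes -subj "/CN=server.test" \
    -keyout "$dir/srv.key" -out "$dir/srv.csr" 2>/dev/null || return 1
  openssl x509 -req -in "$dir/srv.csr" -CA "$dir/ca.pem" -CAkey "$dir/ca.key" \
    -CAcreateserial -days 1 -extfile "$dir/san.cnf" -out "$dir/srv.pem" \
    2>/dev/null
}

# check_cert DIR CA_NAME [verify options...]: validate srv.pem against the
# given trust anchor and print "ok" or "rejected".
check_cert() {
  dir=$1; anchor=$2; shift 2
  if openssl verify -CAfile "$dir/$anchor.pem" "$@" "$dir/srv.pem" \
      >/dev/null 2>&1
  then echo ok; else echo rejected; fi
}

# run_checks: exercise each property and print one result line per case.
run_checks() {
  tmp=$(mktemp -d) || return 1
  make_pki "$tmp" || { rm -rf "$tmp"; return 1; }
  later=$(( $(date +%s) + 3 * 86400 ))   # after the 1-day server cert expires
  echo "signed by trusted CA:  $(check_cert "$tmp" ca)"
  echo "signed by another key: $(check_cert "$tmp" other)"
  echo "checked after expiry:  $(check_cert "$tmp" ca -attime "$later")"
  echo "SAN DNS server.test:   $(check_cert "$tmp" ca -verify_hostname server.test)"
  echo "SAN DNS other.test:    $(check_cert "$tmp" ca -verify_hostname other.test)"
  echo "SAN IP 127.0.0.1:      $(check_cert "$tmp" ca -verify_ip 127.0.0.1)"
  echo "SAN IP 10.0.0.1:       $(check_cert "$tmp" ca -verify_ip 10.0.0.1)"
  rm -rf "$tmp"
}

run_checks
```
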

[kudu-CR] [security] added TlsServer and TlsClient wrappers

Posted by "Alexey Serbin (Code Review)" <ge...@cloudera.org>.
Alexey Serbin has uploaded a new patch set (#2).

Change subject: [security] added TlsServer and TlsClient wrappers
......................................................................

[security] added TlsServer and TlsClient wrappers

Added TlsServer and TlsClient classes as wrappers for
'openssl s_server' and 'openssl s_client' correspondingly.
The wrapper classes can be used in unit tests which verify whether
the generated certificates used by the reference SSL/TLS server
can be successfully validated by the reference SSL/TLS client.
Multiple certificate properties of the generated certificates can
be verified/tested: expiration date, non-matching signature of the
server certificate, matching DNS and IP parameters in the X509v3 SAN
extension (Subject Alternative Name) against the actual DNS name and
IP address of the server, etc.

Change-Id: I80b5e636e0dbe028b9e8262ced0a4a1607ffd239
---
M src/kudu/security/CMakeLists.txt
A src/kudu/security/tls_client.cc
A src/kudu/security/tls_client.h
A src/kudu/security/tls_client_server-test.cc
A src/kudu/security/tls_server.cc
A src/kudu/security/tls_server.h
6 files changed, 644 insertions(+), 0 deletions(-)


  git pull ssh://gerrit.cloudera.org:29418/kudu refs/changes/26/4926/2

Gerrit-MessageType: newpatchset
Gerrit-Change-Id: I80b5e636e0dbe028b9e8262ced0a4a1607ffd239
Gerrit-PatchSet: 2
Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-Owner: Alexey Serbin <as...@cloudera.com>
Gerrit-Reviewer: Dan Burkert <da...@apache.org>
Gerrit-Reviewer: Kudu Jenkins
Gerrit-Reviewer: Tidy Bot
Gerrit-Reviewer: Todd Lipcon <to...@apache.org>

[kudu-CR] [security] added TlsServer and TlsClient wrappers

Posted by "Alexey Serbin (Code Review)" <ge...@cloudera.org>.
Hello Kudu Jenkins,

I'd like you to reexamine a change.  Please visit

    http://gerrit.cloudera.org:8080/4926

to look at the new patch set (#3).

Change subject: [security] added TlsServer and TlsClient wrappers
......................................................................

[security] added TlsServer and TlsClient wrappers

Added TlsServer and TlsClient classes as wrappers for
'openssl s_server' and 'openssl s_client' correspondingly.
The wrapper classes can be used in unit tests which verify whether
the generated certificates used by the reference SSL/TLS server
can be successfully validated by the reference SSL/TLS client.
Multiple certificate properties of the generated certificates can
be verified/tested: expiration date, non-matching signature of the
server certificate, matching DNS and IP parameters in the X509v3 SAN
extension (Subject Alternative Name) against the actual DNS name and
IP address of the server, etc.

Change-Id: I80b5e636e0dbe028b9e8262ced0a4a1607ffd239
---
M src/kudu/security/CMakeLists.txt
A src/kudu/security/test/tls_client.cc
A src/kudu/security/test/tls_client.h
A src/kudu/security/test/tls_client_server-test.cc
A src/kudu/security/test/tls_server.cc
A src/kudu/security/test/tls_server.h
6 files changed, 644 insertions(+), 0 deletions(-)


  git pull ssh://gerrit.cloudera.org:29418/kudu refs/changes/26/4926/3

Gerrit-MessageType: newpatchset
Gerrit-Change-Id: I80b5e636e0dbe028b9e8262ced0a4a1607ffd239
Gerrit-PatchSet: 3
Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-Owner: Alexey Serbin <as...@cloudera.com>
Gerrit-Reviewer: Alexey Serbin <as...@cloudera.com>
Gerrit-Reviewer: Dan Burkert <da...@apache.org>
Gerrit-Reviewer: Kudu Jenkins
Gerrit-Reviewer: Tidy Bot
Gerrit-Reviewer: Todd Lipcon <to...@apache.org>

[kudu-CR] [security] added TlsServer and TlsClient wrappers

Posted by "Alexey Serbin (Code Review)" <ge...@cloudera.org>.
Alexey Serbin has posted comments on this change.

Change subject: [security] added TlsServer and TlsClient wrappers
......................................................................


Patch Set 2:

> These are just useful for tests, right? Maybe we should move them
> into a security/test/ directory or something? (haven't looked at
> patch yet)

Yes, exactly -- those are just for tests.  I'm planning to add some additional tests for the certificate management stuff using these TlsClient and TlsServer wrappers.

I think moving them into the tests subdirectory is a very good idea.  Will do.

BTW, on the same note (but maybe in a separate changelist): what do you think about doing the same with the mini_kdc stuff?


Gerrit-MessageType: comment
Gerrit-Change-Id: I80b5e636e0dbe028b9e8262ced0a4a1607ffd239
Gerrit-PatchSet: 2
Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-Owner: Alexey Serbin <as...@cloudera.com>
Gerrit-Reviewer: Alexey Serbin <as...@cloudera.com>
Gerrit-Reviewer: Dan Burkert <da...@apache.org>
Gerrit-Reviewer: Kudu Jenkins
Gerrit-Reviewer: Tidy Bot
Gerrit-Reviewer: Todd Lipcon <to...@apache.org>
Gerrit-HasComments: No

[kudu-CR] [security] added TlsServer and TlsClient wrappers

Posted by "Todd Lipcon (Code Review)" <ge...@cloudera.org>.
Todd Lipcon has posted comments on this change.

Change subject: [security] added TlsServer and TlsClient wrappers
......................................................................


Patch Set 3:

sure, I'd support moving minikdc into security/test/ (to correspond to the security-test cmake module that we have)


Gerrit-MessageType: comment
Gerrit-Change-Id: I80b5e636e0dbe028b9e8262ced0a4a1607ffd239
Gerrit-PatchSet: 3
Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-Owner: Alexey Serbin <as...@cloudera.com>
Gerrit-Reviewer: Alexey Serbin <as...@cloudera.com>
Gerrit-Reviewer: Dan Burkert <da...@apache.org>
Gerrit-Reviewer: Kudu Jenkins
Gerrit-Reviewer: Tidy Bot
Gerrit-Reviewer: Todd Lipcon <to...@apache.org>
Gerrit-HasComments: No

[kudu-CR] [security] added TlsServer and TlsClient wrappers

Posted by "Todd Lipcon (Code Review)" <ge...@cloudera.org>.
Todd Lipcon has posted comments on this change.

Change subject: [security] added TlsServer and TlsClient wrappers
......................................................................


Patch Set 2:

These are just useful for tests, right? Maybe we should move them into a security/test/ directory or something? (haven't looked at patch yet)


Gerrit-MessageType: comment
Gerrit-Change-Id: I80b5e636e0dbe028b9e8262ced0a4a1607ffd239
Gerrit-PatchSet: 2
Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-Owner: Alexey Serbin <as...@cloudera.com>
Gerrit-Reviewer: Dan Burkert <da...@apache.org>
Gerrit-Reviewer: Kudu Jenkins
Gerrit-Reviewer: Tidy Bot
Gerrit-Reviewer: Todd Lipcon <to...@apache.org>
Gerrit-HasComments: No

[kudu-CR] [security] added TlsServer and TlsClient wrappers

Posted by "Alexey Serbin (Code Review)" <ge...@cloudera.org>.
Hello Kudu Jenkins,

I'd like you to reexamine a change.  Please visit

    http://gerrit.cloudera.org:8080/4926

to look at the new patch set (#4).

Change subject: [security] added TlsServer and TlsClient wrappers
......................................................................

[security] added TlsServer and TlsClient wrappers

Added TlsServer and TlsClient classes as wrappers for
'openssl s_server' and 'openssl s_client' correspondingly.
The wrapper classes can be used in unit tests which verify whether
the generated certificates used by the reference SSL/TLS server
can be successfully validated by the reference SSL/TLS client.
Multiple certificate properties of the generated certificates can
be verified/tested: expiration date, non-matching signature of the
server certificate, matching DNS and IP parameters in the X509v3 SAN
extension (Subject Alternative Name) against the actual DNS name and
IP address of the server, etc.

Change-Id: I80b5e636e0dbe028b9e8262ced0a4a1607ffd239
---
M src/kudu/security/CMakeLists.txt
A src/kudu/security/test/tls_client.cc
A src/kudu/security/test/tls_client.h
A src/kudu/security/test/tls_client_server-test.cc
A src/kudu/security/test/tls_server.cc
A src/kudu/security/test/tls_server.h
6 files changed, 644 insertions(+), 0 deletions(-)


  git pull ssh://gerrit.cloudera.org:29418/kudu refs/changes/26/4926/4

Gerrit-MessageType: newpatchset
Gerrit-Change-Id: I80b5e636e0dbe028b9e8262ced0a4a1607ffd239
Gerrit-PatchSet: 4
Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-Owner: Alexey Serbin <as...@cloudera.com>
Gerrit-Reviewer: Alexey Serbin <as...@cloudera.com>
Gerrit-Reviewer: Dan Burkert <da...@apache.org>
Gerrit-Reviewer: Kudu Jenkins
Gerrit-Reviewer: Tidy Bot
Gerrit-Reviewer: Todd Lipcon <to...@apache.org>

[kudu-CR] [security] added TlsServer and TlsClient wrappers

Posted by "Todd Lipcon (Code Review)" <ge...@cloudera.org>.
Todd Lipcon has abandoned this change.

Change subject: [security] added TlsServer and TlsClient wrappers
......................................................................


Abandoned

This got done in some other review by now


Gerrit-MessageType: abandon
Gerrit-Change-Id: I80b5e636e0dbe028b9e8262ced0a4a1607ffd239
Gerrit-PatchSet: 4
Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-Owner: Alexey Serbin <as...@cloudera.com>
Gerrit-Reviewer: Alexey Serbin <as...@cloudera.com>
Gerrit-Reviewer: Dan Burkert <da...@apache.org>
Gerrit-Reviewer: Kudu Jenkins
Gerrit-Reviewer: Tidy Bot
Gerrit-Reviewer: Todd Lipcon <to...@apache.org>