impala-reviews mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Henry Robinson (Code Review)" <ger...@cloudera.org>
Subject [Impala-ASF-CR] IMPALA-5775: Allow shell to support TLSv1, v1.1 and v1.2
Date Tue, 15 Aug 2017 03:33:40 GMT
Henry Robinson has uploaded a new change for review.

  http://gerrit.cloudera.org:8080/7675

Change subject: IMPALA-5775: Allow shell to support TLSv1, v1.1 and v1.2
......................................................................

IMPALA-5775: Allow shell to support TLSv1, v1.1 and v1.2

The shell uses Thrift's TSSLSocket to negotiate secure connections to
Impala. This socket uses a variable SSL_VERSION to determine which SSL
and TLS protocol versions it will connect to.

SSL_VERSION was hardcoded to be PROTOCOL_TLSv1, which only supports
TLSv1 servers and no other protocol version. Change the allowed version
to be PROTOCOL_SSLv23, which supports any TLS or SSL protocol. We rely
on the server not to allow SSLv2 or v3 connections.

Testing: Added a new custom cluster test to confirm that the shell can
connect to a TLSv1.2 cluster.

Change-Id: I5487f82d110676b9c3c7a5305931da00c7f68ca0
---
M shell/TSSLSocketWithWildcardSAN.py
M tests/custom_cluster/test_client_ssl.py
M tests/util/thrift_util.py
3 files changed, 25 insertions(+), 0 deletions(-)


  git pull ssh://gerrit.cloudera.org:29418/Impala-ASF refs/changes/75/7675/1
-- 
To view, visit http://gerrit.cloudera.org:8080/7675
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I5487f82d110676b9c3c7a5305931da00c7f68ca0
Gerrit-PatchSet: 1
Gerrit-Project: Impala-ASF
Gerrit-Branch: master
Gerrit-Owner: Henry Robinson <henry@cloudera.com>

Mime
View raw message