[jira] [Commented] (HADOOP-16647) Support OpenSSL 1.1.1 LTS

[Rakesh Radhakrishnan (Jira)]

    [ 
https://issues.apache.org/jira/browse/HADOOP-16647?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17070837#comment-17070837
 ] 

Rakesh Radhakrishnan commented on HADOOP-16647:
-----------------------------------------------

How about adding a version check in 
[OpensslSecureRandom.c|https://github.com/apache/hadoop/blob/trunk/hadoop-common-project/hadoop-common/src/main/native/src/org/apache/hadoop/crypto/random/OpensslSecureRandom.c#L117]
 file like below,
{code:java}
  #if OPENSSL_VERSION_NUMBER < 0x10100000L
     // pre-1.1.0
     LOAD_DYNAMIC_SYMBOL(dlsym_CRYPTO_num_locks, env, openssl, 
"CRYPTO_num_locks");
     LOAD_DYNAMIC_SYMBOL(dlsym_CRYPTO_set_locking_callback,  \
                      env, openssl, "CRYPTO_set_locking_callback");
     LOAD_DYNAMIC_SYMBOL(dlsym_CRYPTO_set_id_callback, env,  \
                      openssl, "CRYPTO_set_id_callback");
  #else
     // post-1.1.0 version
     #define dlsym_CRYPTO_num_locks() 1
     #define dlsym_CRYPTO_set_locking_callback(a)
     #define dlsym_CRYPTO_set_id_callback(a)
  #endif{code}
I have tried an attempt in my test cluster using version check patch. Cluster 
has {{OpenSSL 1.1.1 11 Sep 2018}} and {{Ubuntu 18.04.3}}
 Here, I was able to run {{hdfs put}} command without the above mentioned 
exception.

Welcome thoughts. Thanks!

> Support OpenSSL 1.1.1 LTS
> -------------------------
>
>                 Key: HADOOP-16647
>                 URL: https://issues.apache.org/jira/browse/HADOOP-16647
>             Project: Hadoop Common
>          Issue Type: Task
>          Components: security
>            Reporter: Wei-Chiu Chuang
>            Priority: Critical
>
> See Hadoop user mailing list 
> http://mail-archives.apache.org/mod_mbox/hadoop-user/201910.mbox/%3CCADiq6%3DweDFxHTL_7eGwDNnxVCza39y2QYQTSggfLn7mXhMLOdg%40mail.gmail.com%3E
> Hadoop 2 supports OpenSSL 1.0.2.
> Hadoop 3 supports OpenSSL 1.1.0 (HADOOP-14597) and I believe 1.0.2 too.
> Per OpenSSL blog https://www.openssl.org/policies/releasestrat.html
> * 1.1.0 is EOL 2019/09/11
> * 1.0.2 EOL 2019/12/31
> * 1.1.1 is EOL 2023/09/11 (LTS)
> Many Hadoop installation relies on the OpenSSL package provided by Linux 
> distros, but it's not clear to me if Linux distros are going support 
> 1.1.0/1.0.2 beyond this date.
> We should make sure Hadoop works with OpenSSL 1.1.1, as well as document the 
> openssl version supported. File this jira to test/document/fix bugs.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-issues-h...@hadoop.apache.org