[jira] [Commented] (HADOOP-16647) Support OpenSSL 1.1.1 LTS

Mon, 30 Mar 2020 07:05:13 -0700 


    [ 
https://issues.apache.org/jira/browse/HADOOP-16647?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17071010#comment-17071010
 ] 

Luca Toscano commented on HADOOP-16647:
---------------------------------------

Hi [~rakeshr],

from what I can see 
[https://github.com/openssl/openssl/blob/OpenSSL_1_1_1-stable/include/openssl/crypto.h#L212-L216]
 the defines are now in crypto.h and they are yielding a no-op (more info 
[https://github.com/openssl/openssl/issues/1260]). OpensslSecureRandom.c seems 
not including crypto.h, so my guess is that this is the reason for the 
undefined reference error above.

For testing I wouldn't rely only on hdfs put but also to the following 
(non-authoritative list, this is only a suggestion from my experience :)):
 * hdfs checknative -a (and check if openssl reports any error)
 * running a mapreduce job with encrypted shuffle or running a spark 2.4 job 
with AES encryption.

Hope it helps!

Luca

> Support OpenSSL 1.1.1 LTS
> -------------------------
>
>                 Key: HADOOP-16647
>                 URL: https://issues.apache.org/jira/browse/HADOOP-16647
>             Project: Hadoop Common
>          Issue Type: Task
>          Components: security
>            Reporter: Wei-Chiu Chuang
>            Priority: Critical
>
> See Hadoop user mailing list 
> http://mail-archives.apache.org/mod_mbox/hadoop-user/201910.mbox/%3CCADiq6%3DweDFxHTL_7eGwDNnxVCza39y2QYQTSggfLn7mXhMLOdg%40mail.gmail.com%3E
> Hadoop 2 supports OpenSSL 1.0.2.
> Hadoop 3 supports OpenSSL 1.1.0 (HADOOP-14597) and I believe 1.0.2 too.
> Per OpenSSL blog https://www.openssl.org/policies/releasestrat.html
> * 1.1.0 is EOL 2019/09/11
> * 1.0.2 EOL 2019/12/31
> * 1.1.1 is EOL 2023/09/11 (LTS)
> Many Hadoop installation relies on the OpenSSL package provided by Linux 
> distros, but it's not clear to me if Linux distros are going support 
> 1.1.0/1.0.2 beyond this date.
> We should make sure Hadoop works with OpenSSL 1.1.1, as well as document the 
> openssl version supported. File this jira to test/document/fix bugs.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to