[
https://issues.apache.org/jira/browse/HADOOP-16647?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17073570#comment-17073570
]
Rakesh Radhakrishnan commented on HADOOP-16647:
-----------------------------------------------
{quote}Rakesh, can you also check it can compile against openssl 1.0.2 as well
as 1.1.0/1.1.1?
{quote}
[~weichiu] Thanks for providing verification points, will try setup env and
verify in all these versions.
Hi [~elukey],
{quote}What versions of openssl/hadoop/os are you using to test? For example,
if you are on Debian, what version of libcrypto.so you have if you do ls -l
/usr/lib/x86_64-linux-gnu/libcrypto.so ?
{quote}
I am using libcrypto.so.1.1 and OpenSSL 1.1.1 11 Sep 2018
{quote}when I asked to run hadoop checknative as test, the error reported was
EVP_CIPHER_CTX_cleanup
{quote}
Yes, your observation is correct. HADOOP-14597 was not applied in my build and
caused EVP_CIPHER_CTX_cleanup error while exec {{hadoop checknative -a}}. Sorry
for the confusion due to my mistake. Now, I have upgraded the code and hits
{{java.lang.UnsatisfiedLinkError: CRYPTO_num_locks}} error during {{hdfs put
command}}.
Also, am attaching another patch covering only {{ifdefs}} in
OpensslSecureRandom.c
{quote}I am wondering if the locking code needs to happen also for 1.1.1, maybe
using something different than num_lock.
{quote}
Good point. I have referred following links and it says "OpenSSL 1.1.0+ "can be
safely used in multi-threaded applications provided that support for the
underlying OS threading API is built-in"
References:
[link-1|https://stackoverflow.com/questions/58224138/do-i-need-to-use-crypto-locking-functions-for-thread-safety-in-openssl-1-1-0]
and [link-2|https://curl.haxx.se/libcurl/c/threadsafe.html]
> Support OpenSSL 1.1.1 LTS
> -------------------------
>
> Key: HADOOP-16647
> URL: https://issues.apache.org/jira/browse/HADOOP-16647
> Project: Hadoop Common
> Issue Type: Task
> Components: security
> Reporter: Wei-Chiu Chuang
> Assignee: Rakesh Radhakrishnan
> Priority: Critical
> Attachments: HADOOP-16647-00.patch
>
>
> See Hadoop user mailing list
> http://mail-archives.apache.org/mod_mbox/hadoop-user/201910.mbox/%3CCADiq6%3DweDFxHTL_7eGwDNnxVCza39y2QYQTSggfLn7mXhMLOdg%40mail.gmail.com%3E
> Hadoop 2 supports OpenSSL 1.0.2.
> Hadoop 3 supports OpenSSL 1.1.0 (HADOOP-14597) and I believe 1.0.2 too.
> Per OpenSSL blog https://www.openssl.org/policies/releasestrat.html
> * 1.1.0 is EOL 2019/09/11
> * 1.0.2 EOL 2019/12/31
> * 1.1.1 is EOL 2023/09/11 (LTS)
> Many Hadoop installation relies on the OpenSSL package provided by Linux
> distros, but it's not clear to me if Linux distros are going support
> 1.1.0/1.0.2 beyond this date.
> We should make sure Hadoop works with OpenSSL 1.1.1, as well as document the
> openssl version supported. File this jira to test/document/fix bugs.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
