[
https://issues.apache.org/jira/browse/HADOOP-17609?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17312447#comment-17312447
]
Masatake Iwasaki commented on HADOOP-17609:
-------------------------------------------
SM4 is intentionally disabled in openssl-1.1.1 of CentOS.
https://git.centos.org/rpms/openssl/blob/3dfed0dc2b196e3d2f958d4951348f41b6cea64b/f/SPECS/openssl.spec#_280
{noformat}
# ia64, x86_64, ppc are OK by default
# Configure the build tree. Override OpenSSL defaults with known-good defaults
# usable on all platforms. The Configure script already knows to use -fPIC and
# RPM_OPT_FLAGS, so we can skip specifiying them here.
./Configure \
--prefix=%{_prefix} --openssldir=%{_sysconfdir}/pki/tls ${sslflags} \
--system-ciphers-file=%{_sysconfdir}/crypto-policies/back-ends/openssl.config \
zlib enable-camellia enable-seed enable-rfc3779 enable-sctp \
enable-cms enable-md2 enable-rc5\
enable-weak-ssl-ciphers \
no-mdc2 no-ec2m no-sm2 no-sm4 \
shared ${sslarch} $RPM_OPT_FLAGS '-DDEVRANDOM="\"/dev/urandom\""'
{noformat}
> Make SM4 support optional for OpenSSL native code
> -------------------------------------------------
>
> Key: HADOOP-17609
> URL: https://issues.apache.org/jira/browse/HADOOP-17609
> Project: Hadoop Common
> Issue Type: Improvement
> Components: native
> Affects Versions: 3.4.0
> Reporter: Masatake Iwasaki
> Assignee: Masatake Iwasaki
> Priority: Major
> Labels: pull-request-available
> Time Spent: 10m
> Remaining Estimate: 0h
>
> openssl-devel-1.1.1g provided by CentOS 8 does not work after HDFS-15098
> because the SM4 is not enabled on the openssl package. We should not force
> users to install OpenSSL from source code even if they do not use SM4 feature.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
