[
https://issues.apache.org/jira/browse/HADOOP-17649?focusedWorklogId=587351&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-587351
]
ASF GitHub Bot logged work on HADOOP-17649:
-------------------------------------------
Author: ASF GitHub Bot
Created on: 22/Apr/21 16:19
Start Date: 22/Apr/21 16:19
Worklog Time Spent: 10m
Work Description: virajjasani commented on pull request #2932:
URL: https://github.com/apache/hadoop/pull/2932#issuecomment-824987122
> The reason we use wildfly in the azure and -aws JARs is for performance by
picking up those native bindings. if you use wildfly ssl as your socket
factory, when openssl binaries are on PATH, then it will be used.
> If this change takes that feature away, it's a regression which will hurt
performance. Yes, that use of openssl has been brittle in the past, but it is
stable now between our wildfly version and openssl 1.1.1
Thanks for the detailed info @steveloughran. It looks wildfly-openssl has
more usecases to serve than what I thought of earlier.
Do we have any specific tests (or is it even possible to write tests) that
validates using openssl binaries available in PATH while using wildfly ssl as
socket factory? Perhaps this might be very complicated scenario to test?
> What does this repackaging mean in terms of integration with openssl?
I afraid I might not have good knowledge here, I was merely relying on unit
tests run by QA.
For the above mentioned feature, could you please share any doc if you have?
Thanks
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
Issue Time Tracking
-------------------
Worklog Id: (was: 587351)
Time Spent: 1h 50m (was: 1h 40m)
> Update wildfly openssl to 2.1.3.Final
> -------------------------------------
>
> Key: HADOOP-17649
> URL: https://issues.apache.org/jira/browse/HADOOP-17649
> Project: Hadoop Common
> Issue Type: Task
> Reporter: Wei-Chiu Chuang
> Assignee: Viraj Jasani
> Priority: Major
> Labels: pull-request-available
> Time Spent: 1h 50m
> Remaining Estimate: 0h
>
> https://nvd.nist.gov/vuln/detail/CVE-2020-25644
> A memory leak flaw was found in WildFly OpenSSL in versions prior to
> 1.1.3.Final, where it removes an HTTP session. It may allow the attacker to
> cause OOM leading to a denial of service. The highest threat from this
> vulnerability is to system availability.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
