[
https://issues.apache.org/jira/browse/HADOOP-18583?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17823345#comment-17823345
]
ASF GitHub Bot commented on HADOOP-18583:
-----------------------------------------
steveloughran commented on PR #5256:
URL: https://github.com/apache/hadoop/pull/5256#issuecomment-1977458743
> hadoop-yarn-server-nodemanager's container-executor
no idea. best to discuss on yarn-dev
regarding crypton and checknative, we may to work on that. IMO checknative
should look for openssl, at least if we add a -openssl argument.
I don't think we have specific openssl issues. In #6425 I had to add error
string matching for openssl 1 messages indicating stale https connections
(these were surfacing deep in the AWS error stack). For 3.x it'd be good to
know that these strings were the same -or update them. Maybe you can create an
uber-jira "support openssl 3"
one more thing: what is the openssl FIPS story? as for strict fips support
we don't just want to talk to fips endpoints, we want to run on hosts where the
ssl lib doesn't have the untrusted algorithms at all.
> hadoop checknative fails to load openssl 3.x
> --------------------------------------------
>
> Key: HADOOP-18583
> URL: https://issues.apache.org/jira/browse/HADOOP-18583
> Project: Hadoop Common
> Issue Type: Bug
> Components: native
> Affects Versions: 3.3.4
> Reporter: Sebastian Klemke
> Priority: Major
> Labels: pull-request-available
> Attachments: 100-hadoop-3.3.4-openssl-3.patch
>
>
> After building Hadoop 3.3.4 from source on Ubuntu 22.04, `hadoop checknative`
> reports
> {code:java}
> $ hadoop checknative
> 2022-12-21 22:12:02,106 INFO bzip2.Bzip2Factory: Successfully loaded &
> initialized native-bzip2 library system-native
> 2022-12-21 22:12:02,107 INFO zlib.ZlibFactory: Successfully loaded &
> initialized native-zlib library
> 2022-12-21 22:12:02,130 INFO nativeio.NativeIO: The native code was built
> without PMDK support.
> Native library checking:
> hadoop: true /hadoop/lib/native/libhadoop.so.1.0.0
> zlib: true /lib/x86_64-linux-gnu/libz.so.1
> zstd : true /lib/x86_64-linux-gnu/libzstd.so.1
> bzip2: true /lib/x86_64-linux-gnu/libbz2.so.1
> openssl: false EVP_CIPHER_CTX_block_size
> ISA-L: true /lib/x86_64-linux-gnu/libisal.so.2
> PMDK: false The native code was built without PMDK support.{code}
> The issue seems to be at least two symbols that were removed from ABI in
> OpenSSL 3.x releases:
> * EVP_CIPHER_CTX_block_size (new name: EVP_CIPHER_CTX_get_block_size)
> * EVP_CIPHER_CTX_encrypting (new name: EVP_CIPHER_CTX_is_encrypting)
> The attached patch [^100-hadoop-3.3.4-openssl-3.patch] works around the issue.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
