[jira] [Commented] (HADOOP-11216) Improve Openssl library finding

Wed, 29 Oct 2014 07:26:59 -0700 

    [ 
https://issues.apache.org/jira/browse/HADOOP-11216?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14188392#comment-14188392
 ] 

Yi Liu commented on HADOOP-11216:
---------------------------------

Thanks Colin, there are two issues in current patch.
*1.*
{{set_find_shared_library_version}} is removed, then both shared library and 
static library can be candidate, if there is no {{libcrypto.so}} (no suffix), 
but {{libcrypto.a}} exists, then the static library will be used, it's not 
expected. I have confirmed the behavior in my local environment.
We should only  find the shared library with no suffix.
*2.*
{quote}
It adds a compile-time check that the openssl version we're compiling against 
is not too old.
{quote}
This only check the header file, then there is potential issue:
User specify custom openssl and the version is enough new, so the header file 
passes check, but there is no {{libcrypto.so}}, and {{bundle.openssl}} is set, 
then the old openssl shared library in system path is bundled, that's not 
expected.
So we should also check the found openssl library is in the same location as 
the found openssl header file.

> Improve Openssl library finding
> -------------------------------
>
>                 Key: HADOOP-11216
>                 URL: https://issues.apache.org/jira/browse/HADOOP-11216
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: security
>    Affects Versions: 2.6.0
>            Reporter: Yi Liu
>            Assignee: Colin Patrick McCabe
>         Attachments: HADOOP-11216.003.patch, HADOOP-11216.004.patch
>
>
> When we compile Openssl 1.0.0\(x\) or 1.0.1\(x\) using default options, there 
> will be {{libcrypto.so.1.0.0}} in output lib dir, so we expect this version 
> suffix in cmake build file
> {code}
> SET(STORED_CMAKE_FIND_LIBRARY_SUFFIXES CMAKE_FIND_LIBRARY_SUFFIXES)
> set_find_shared_library_version("1.0.0")
> SET(OPENSSL_NAME "crypto")
> ....
> {code}
> If we don't bundle the crypto shared library in Hadoop distribution, then 
> Hadoop will try to find crypto library in system path when running.
> But in real linux distribution, there may be no {{libcrypto.so.1.0.0}} or 
> {{libcrypto.so}} even the system embedded openssl is 1.0.1\(x\).  Then we 
> need to make symbolic link.
> This JIRA is to improve the Openssl library finding.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to