Pavan Devaraj created THRIFT-5313:
-------------------------------------
Summary: Set CRYPTO_set_id_callback for OpenSSL 1.0.X
Key: THRIFT-5313
URL: https://issues.apache.org/jira/browse/THRIFT-5313
Project: Thrift
Issue Type: Bug
Affects Versions: 0.13.0, 0.12.0, 0.11.0, 0.10.0, 0.9
Reporter: Pavan Devaraj
OpenSSL can generally be used safely in multi-threaded applications provided
that at least two callback functions are set, the locking_function and
threadid_func. This applies to [OpenSSL version 1.0.2 and
earlier|https://www.openssl.org/blog/blog/2017/02/21/threads/].
However, the thrift server has not set the threadid_func for OpenSSL version
1.0.X. So, with OpenSSL 1.0.X, multi-threaded clients fail to connect to the
Thrift server, when connections are attempted simultaneously, especially with
FIPS mode ON.
This needs to be corrected by bumping up the OpenSSL version Check to include
1.0.X in the [TSSLSocket class|
https://github.com/apache/thrift/blob/0.12.0/lib/cpp/src/thrift/transport/TSSLSocket.cpp#L128].
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
