[
https://issues.apache.org/jira/browse/KUDU-1901?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15886994#comment-15886994
]
Todd Lipcon commented on KUDU-1901:
-----------------------------------
Despite the admonishment in the OpenSSL docs, it seems like it fixes the crash
(and TSAN warning) if we hold the lock while calling SSL_new, to prevent a
concurrent SSL_new+SSL_CTX_use_certificate.
Should we just do this, or should we do a larger patch to try to construct an
entirely new SSL_CTX and swap it in? I think my preference is the former, to
avoid the code complexity.
> OpenSSL crashes if cert is adopted concurrently with a handshake
> ----------------------------------------------------------------
>
> Key: KUDU-1901
> URL: https://issues.apache.org/jira/browse/KUDU-1901
> Project: Kudu
> Issue Type: Bug
> Components: security
> Affects Versions: 1.3.0
> Reporter: Todd Lipcon
> Assignee: Todd Lipcon
> Priority: Blocker
>
> We saw this in a test case and I was able to reproduce it.
> https://github.com/openssl/openssl/issues/2165 indicates that it's a known
> issue (or expected behavior) of OpenSSL.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
