Dan Burkert has posted comments on this change. ( http://gerrit.cloudera.org:8080/11376 )

Change subject: IMPALA-7519: Support elliptic curve ssl ciphers
......................................................................


Patch Set 4:

(6 comments)

http://gerrit.cloudera.org:8080/#/c/11376/4/be/src/rpc/thrift-server.cc
File be/src/rpc/thrift-server.cc:

http://gerrit.cloudera.org:8080/#/c/11376/4/be/src/rpc/thrift-server.cc@368
PS4, Line 368:     ERR_clear_error();
Any reason not to use SCOPED_OPENSSL_NO_PENDING_ERRORS in the method prelude 
instead of defensively clearing errors here?  We actually found that clearing 
errors defensively caused perf issues in Kudu 
(https://github.com/apache/kudu/commit/5f1ca4f3948a61b22946255e4ada89)


http://gerrit.cloudera.org:8080/#/c/11376/4/be/src/rpc/thrift-server.cc@376
PS4, Line 376:     if (ERR_peek_error() != 0) {
This check should not be necessary, since EC_KEY_new_by_curve_name returns null 
on error.


http://gerrit.cloudera.org:8080/#/c/11376/4/be/src/rpc/thrift-server.cc@381
PS4, Line 381:       throw TSSLException("failed to create prime256v1 curve");
It may be helpful to append the GetOpenSSLErrors() string to this message.


http://gerrit.cloudera.org:8080/#/c/11376/4/be/src/rpc/thrift-server.cc@385
PS4, Line 385:     if (ERR_peek_error() != 0) {
Similarly, this check should not be necessary since SSL_CTX_set_tmp_ecdh 
returns zero on error.


http://gerrit.cloudera.org:8080/#/c/11376/4/be/src/rpc/thrift-server.cc@390
PS4, Line 390:       throw new TSSLException("failed to set ECDH curve");
Similarly, it would probably be useful to add error strings to this message.


http://gerrit.cloudera.org:8080/#/c/11376/4/be/src/rpc/thrift-server.cc@396
PS4, Line 396:     if (ERR_peek_error() != 0) {
Likewise.



--
To view, visit http://gerrit.cloudera.org:8080/11376

Gerrit-Project: Impala-ASF
Gerrit-Branch: master
Gerrit-MessageType: comment
Gerrit-Change-Id: I1666ceabec51b425e8a82be1cf519e2ac35fa5a6
Gerrit-Change-Number: 11376
Gerrit-PatchSet: 4
Gerrit-Owner: Thomas Marshall <[email protected]>
Gerrit-Reviewer: Dan Burkert <[email protected]>
Gerrit-Reviewer: Impala Public Jenkins <[email protected]>
Gerrit-Reviewer: Thomas Marshall <[email protected]>
Gerrit-Reviewer: Tim Armstrong <[email protected]>
Gerrit-Comment-Date: Thu, 20 Sep 2018 21:37:49 +0000
Gerrit-HasComments: Yes