Tim Armstrong has posted comments on this change. ( http://gerrit.cloudera.org:8080/12420 )
Change subject: Add support for compiling using OpenSSL 1.1 ...................................................................... Patch Set 1: (1 comment) http://gerrit.cloudera.org:8080/#/c/12420/1/be/src/util/openssl-util.cc File be/src/util/openssl-util.cc: http://gerrit.cloudera.org:8080/#/c/12420/1/be/src/util/openssl-util.cc@76 PS1, Line 76: #else : return TLS1_2_VERSION; : #endif : } > That results in: I guess OpenSSL is expecting that callers will pass in the version they want and rely on OpenSSL returning an error, rather than asking the library what it supports, i.e. https://www.openssl.org/docs/man1.1.0/man3/SSL_CTX_set_min_proto_version.html We support up to TLS1.2 with the newer OpenSSL, and we only document --ssl_minimum_version as supporting up to that, so that seems fine. Can you leave a comment, something like "OpenSSL 1.1+ doesn't let us detect the supported TLS version at runtime. Assume that the OpenSSL library we're linked against supports only up to TLS1.2. -- To view, visit http://gerrit.cloudera.org:8080/12420 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: Impala-ASF Gerrit-Branch: master Gerrit-MessageType: comment Gerrit-Change-Id: Iaccf1b2dedf0d957a2665df8f9afca4139754264 Gerrit-Change-Number: 12420 Gerrit-PatchSet: 1 Gerrit-Owner: [email protected] <[email protected]> Gerrit-Reviewer: Impala Public Jenkins <[email protected]> Gerrit-Reviewer: Michael Ho <[email protected]> Gerrit-Reviewer: Tim Armstrong <[email protected]> Gerrit-Reviewer: [email protected] <[email protected]> Gerrit-Comment-Date: Tue, 12 Feb 2019 16:44:23 +0000 Gerrit-HasComments: Yes
