Zoltan Borok-Nagy has uploaded this change for review. ( http://gerrit.cloudera.org:8080/20329
Change subject: IMPALA-11195: Disable SSL session renegotiations ...................................................................... IMPALA-11195: Disable SSL session renegotiations This commit updates the second Thrift 0.16.0 patch. Earlier version of that patch didn't do the job correctly when OpenSSL 1.0.2 was being used. In OpenSSL 1.0.2 we need to set the flag SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS in the SSL object *after* the handshake has happened. The earlier patch set the flag right after SSL_new(), and before SSL_accept(). OpenSSL has a bug that resets the flags in SSL_accept(), making the earlier patch ineffective. This commit updates the Thrift patch to correctly set the flag via a callback function. Instead of adding a new patch file under the thrift-0.16.0-patches directory I chose to fix the original patch so it won't get copied around unnecessarily. Change-Id: Ia39078f1497ece36660ed6224f6cbadbfdf71d82 --- M source/thrift/thrift-0.16.0-patches/0002-IMPALA-11195-Disable-SSL-renegotiations.patch 1 file changed, 34 insertions(+), 23 deletions(-) git pull ssh://gerrit.cloudera.org:29418/native-toolchain refs/changes/29/20329/1 -- To view, visit http://gerrit.cloudera.org:8080/20329 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: native-toolchain Gerrit-Branch: master Gerrit-MessageType: newchange Gerrit-Change-Id: Ia39078f1497ece36660ed6224f6cbadbfdf71d82 Gerrit-Change-Number: 20329 Gerrit-PatchSet: 1 Gerrit-Owner: Zoltan Borok-Nagy <[email protected]>
