Tim Armstrong has posted comments on this change. Change subject: IMPALA-5775: Allow shell to support TLSv1, v1.1 and v1.2 ......................................................................
Patch Set 2: (2 comments) Looks good, just had minor comments. http://gerrit.cloudera.org:8080/#/c/7675/2/shell/TSSLSocketWithWildcardSAN.py File shell/TSSLSocketWithWildcardSAN.py: Line 50: self.SSL_VERSION = ssl.PROTOCOL_SSLv23 Maybe mention that TSSLSocket forwards self.SSL_VERSION to the wrap_socket argument of wrap_socket()? I guess it's implied but setting a "constant" is a bit of weird API so it took me a while to convince myself it worked. FWIW it looks like they cleaned it up in THRIFT-3505 (Thrift 0.10.0) http://gerrit.cloudera.org:8080/#/c/7675/2/tests/custom_cluster/test_client_ssl.py File tests/custom_cluster/test_client_ssl.py: Line 108: @pytest.mark.xfail(run=True, reason="IMPALA-4295 on Centos6") Can we xfail this more selectively if it's just an OS version issue? E.g. GVO runs on ubuntu 16 now. This seems ok if a fix is imminent but otherwise the risk is that we never remove it from xfail. -- To view, visit http://gerrit.cloudera.org:8080/7675 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-MessageType: comment Gerrit-Change-Id: I5487f82d110676b9c3c7a5305931da00c7f68ca0 Gerrit-PatchSet: 2 Gerrit-Project: Impala-ASF Gerrit-Branch: master Gerrit-Owner: Henry Robinson <[email protected]> Gerrit-Reviewer: Henry Robinson <[email protected]> Gerrit-Reviewer: Sailesh Mukil <[email protected]> Gerrit-Reviewer: Tim Armstrong <[email protected]> Gerrit-HasComments: Yes
