Dan Burkert has posted comments on this change.

Change subject: TLS-negotiation [7/n]: Add TLS helper classes for handling tunneled TLS handshakes
......................................................................

Patch Set 6:

(11 comments)

http://gerrit.cloudera.org:8080/#/c/5761/5/src/kudu/security/openssl_util.cc
File src/kudu/security/openssl_util.cc:

Line 127: case SSL_ERROR_SSL:
> hrm, why call this out if it is just falling through?
Done

http://gerrit.cloudera.org:8080/#/c/5761/5/src/kudu/security/ssl_factory.h
File src/kudu/security/ssl_factory.h:

Line 26: #include "kudu/security/tls_handshake.h"
> necessary?
Done

http://gerrit.cloudera.org:8080/#/c/5761/5/src/kudu/security/tls_context.cc
File src/kudu/security/tls_context.cc:

Line 102: handshake->ssl_ = SSL_new(ctx_.get());
> can you add some check that handshake->ssl_ is nullptr here? otherwise you'
Done

http://gerrit.cloudera.org:8080/#/c/5761/5/src/kudu/security/tls_context.h
File src/kudu/security/tls_context.h:

Line 32: class TlsContext {
> a bit of class doc would be nice (i.e. this is one-per-server, more or less,
Done

PS5, Line 52: bool is_server
> generally not a fan of bool arguments since it's not super clear from the c
Done

http://gerrit.cloudera.org:8080/#/c/5761/5/src/kudu/security/tls_handshake.cc
File src/kudu/security/tls_handshake.cc:

Line 43: CHECK_NOTNULL(ssl_);
> I think this causes an unused result warning on gcc - better just CHECK(ssl
Done

Line 77: CHECK_NOTNULL(ssl_);
> same
Done

PS5, Line 94: [] (X509* x) { X509_free(x); })
> can't just use '&X509_free'? is it a preprocessor macro or something?
I'm going to switch this class over to using Alexey's helper methods / wrappers as soon as they get moved to security/.

http://gerrit.cloudera.org:8080/#/c/5761/5/src/kudu/security/tls_handshake.h
File src/kudu/security/tls_handshake.h:

Line 38: public:
> I think a constructor here which sets the fields to null (or just use field
Done

Line 61: // Returns true if the handshake process should continue.
> hrm, is this redundant with the return value from Continue() above being In
Done

http://gerrit.cloudera.org:8080/#/c/5761/5/src/kudu/security/tls_socket.cc
File src/kudu/security/tls_socket.cc:

PS5, Line 96: resused
> typo
Done

--
To view, visit http://gerrit.cloudera.org:8080/5761

Gerrit-MessageType: comment
Gerrit-Change-Id: I6776dbdc488eee56f7273cdd8bcd2b2b8c1ffa04
Gerrit-PatchSet: 6
Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-Owner: Dan Burkert
Gerrit-Reviewer: Adar Dembo
Gerrit-Reviewer: Alexey Serbin
Gerrit-Reviewer: Dan Burkert
Gerrit-Reviewer: Kudu Jenkins
Gerrit-Reviewer: Sailesh Mukil
Gerrit-Reviewer: Todd Lipcon
Gerrit-HasComments: Yes
