Alexey Serbin has posted comments on this change.

Change subject: [security] add --rpc_tls_ciphers flag
......................................................................

Patch Set 7:

(3 comments)

http://gerrit.cloudera.org:8080/#/c/6055/7/src/kudu/security/tls_context.cc
File src/kudu/security/tls_context.cc:

PS7, Line 119: c_unique_ptr<EC_KEY> ecdh { EC_KEY_new_by_curve_name(NID_X9_62_prime256v1), &EC_KEY_free };
Why not add the corresponding trait

  template<> struct SslTypeTraits<EC_KEY> {
    static constexpr auto free = &EC_KEY_free;
  };

and then use the commonly used pattern

  auto ecdh = ssl_make_unique(EC_KEY_new_by_curve_name(NID_X9_62_prime256v1));


PS7, Line 125: Unlike most other OpenSSL APIs, set_ecdhe_auto
             :   // return 0 on failure.
I wouldn't say 'unlike' here -- most of those API calls return 0 or something less than 0 in case of an error.


PS7, Line 127: if (SSL_CTX_set_ecdh_auto(ctx_.get(), 1) == 0) {
Consider using OPENSSL_RET_NOT_OK instead:

  OPENSSL_RET_NOT_OK(SSL_CTX_set_ecdh_auto(ctx_.get(), 1),
                     "failed to configure ECDH support");


--
To view, visit http://gerrit.cloudera.org:8080/6055
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-MessageType: comment
Gerrit-Change-Id: I050e2295041a98fe2c3118c6258b910423bd3816
Gerrit-PatchSet: 7
Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-Owner: Dan Burkert <[email protected]>
Gerrit-Reviewer: Alexey Serbin <[email protected]>
Gerrit-Reviewer: Dan Burkert <[email protected]>
Gerrit-Reviewer: Kudu Jenkins
Gerrit-Reviewer: Todd Lipcon <[email protected]>
Gerrit-HasComments: Yes
