Alexey Serbin has posted comments on this change. Change subject: KUDU-1964. security: avoid calling ERR_clear_error() defensively ......................................................................
Patch Set 1: (5 comments) http://gerrit.cloudera.org:8080/#/c/6552/1/src/kudu/security/openssl_util.cc File src/kudu/security/openssl_util.cc: PS1, Line 79: if (!ctx) { : ERR_clear_error(); : return Status::RuntimeError("SSL library appears uninitialized (cannot create SSL_CTX)"); : } Consider using OPENSSL_RET_IF_NULL() macro instead: it's more idiomatic and allows to see some information on the error. PS1, Line 110: ERR_clear_error(); Why is it necessary here? As I understand, DoInitializeOpenSSL() is the only method which can put errors into the per-thread error stack here, and we it seems we do pick up our errors from the error stack. And ERR_clear_error() has been called already in the very beginning of this function. http://gerrit.cloudera.org:8080/#/c/6552/1/src/kudu/security/openssl_util.h File src/kudu/security/openssl_util.h: PS1, Line 174: ERR_peek_last_error Why ERR_peek_last_error() instead of ERR_peek_error()? Please add a comment if it's crucial. http://gerrit.cloudera.org:8080/#/c/6552/1/src/kudu/security/tls_handshake.cc File src/kudu/security/tls_handshake.cc: PS1, Line 96: ERR_clear_error(); Consider removing this, otherwise the code below would not be able to extract error information from the error stack. Probably, the code should be rewritten like this: int ssl_err = SSL_get_error(ssl_.get(), rc); // WANT_READ and WANT_WRITE indicate that the handshake is not yet complete. if (ssl_err != SSL_ERROR_WANT_READ && ssl_err != SSL_ERROR_WANT_WRITE) { return Status::RuntimeError("TLS Handshake error", GetSSLErrorDescription(ssl_err)); } if (ERR_peak_error() != 0) { const string err_str = GetOpenSSLErrors(); DLOG(WARNING) << "SSL errors: " << err_str; } http://gerrit.cloudera.org:8080/#/c/6552/1/src/kudu/security/tls_socket.cc File src/kudu/security/tls_socket.cc: PS1, Line 57: ERR_clear_error(); I don't think it's needed. Even if it were needed, it would be better place for this inside the if (...) {} block below. -- To view, visit http://gerrit.cloudera.org:8080/6552 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-MessageType: comment Gerrit-Change-Id: I3b4421f4aae4d0e5a2d938881f9eea4e07ff2b10 Gerrit-PatchSet: 1 Gerrit-Project: kudu Gerrit-Branch: master Gerrit-Owner: Todd Lipcon <[email protected]> Gerrit-Reviewer: Adar Dembo <[email protected]> Gerrit-Reviewer: Alexey Serbin <[email protected]> Gerrit-Reviewer: Dan Burkert <[email protected]> Gerrit-Reviewer: Henry Robinson <[email protected]> Gerrit-Reviewer: Kudu Jenkins Gerrit-Reviewer: Tidy Bot Gerrit-Reviewer: Todd Lipcon <[email protected]> Gerrit-HasComments: Yes
