Alexey Serbin has posted comments on this change. Change subject: KUDU-1964. security: avoid calling ERR_clear_error() defensively ......................................................................
Patch Set 1: (2 comments) http://gerrit.cloudera.org:8080/#/c/6552/1/src/kudu/security/openssl_util.cc File src/kudu/security/openssl_util.cc: PS1, Line 79: if (!ctx) { : ERR_clear_error(); : return Status::RuntimeError("SSL library appears uninitialized (cannot create SSL_CTX)"); : } > I don't think we want to spit back the internal error here (it's pretty ugl Oh, I see: this is used only to check whether the library is initialized. Indeed, in this context it does not make much sense to give more information on the exact error. http://gerrit.cloudera.org:8080/#/c/6552/1/src/kudu/security/tls_handshake.cc File src/kudu/security/tls_handshake.cc: PS1, Line 96: ERR_clear_error(); > wouldn't your code end up generating warnings on every WANT_READ/WANT_WRITE I also checked SSL_get_error() code, from which I saw that in current version nothing should be on the error stack in case of SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE. The 'if (ERR_peek_error() != 0) { ... }' closure is to spot a problem if we switch to some other version where the implementation changes and we start having some errors on the stack for SSL_ERROR_WANT_READ and SSL_ERROR_WANT_WRITE. :) -- To view, visit http://gerrit.cloudera.org:8080/6552 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-MessageType: comment Gerrit-Change-Id: I3b4421f4aae4d0e5a2d938881f9eea4e07ff2b10 Gerrit-PatchSet: 1 Gerrit-Project: kudu Gerrit-Branch: master Gerrit-Owner: Todd Lipcon <[email protected]> Gerrit-Reviewer: Adar Dembo <[email protected]> Gerrit-Reviewer: Alexey Serbin <[email protected]> Gerrit-Reviewer: Dan Burkert <[email protected]> Gerrit-Reviewer: Henry Robinson <[email protected]> Gerrit-Reviewer: Kudu Jenkins Gerrit-Reviewer: Tidy Bot Gerrit-Reviewer: Todd Lipcon <[email protected]> Gerrit-HasComments: Yes
