Alexey Serbin has posted comments on this change. Change subject: [rpc] add method to output TLS cipher description ......................................................................
Patch Set 1: (2 comments) http://gerrit.cloudera.org:8080/#/c/7217/1/src/kudu/security/tls_handshake.cc File src/kudu/security/tls_handshake.cc: Line 261: return "NONE"; > do we need to clear pending errors in this case? No, we don't. SSL_get_current_cipher() is simple as const SSL_CIPHER *SSL_get_current_cipher(const SSL *s) { if ((s->session != NULL) && (s->session->cipher != NULL)) return (s->session->cipher); return (NULL); } Line 264: return SSL_CIPHER_description(cipher, buf, sizeof(buf)); > if the provided buffer is too small, this returns null, and I think string( As I saw from the source, if the provided buffer were too small (<128 characters), this returns "Buffer too small" string (at least that's for openSSL 1.2.0). However, I'll change the code to handle the situation when it returns null (if it ever happens). There should be no errors pending on the stack -- the only function which could put an error is OpenSSL_malloc, but it's not engaged in the path since non-null buffer is passed as a parameter. BIO_snprintf() does not put any errors on the stack, AFAIK. -- To view, visit http://gerrit.cloudera.org:8080/7217 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-MessageType: comment Gerrit-Change-Id: Ia6f1c6a67b66fac1dacebe87e17a996af409e6d1 Gerrit-PatchSet: 1 Gerrit-Project: kudu Gerrit-Branch: master Gerrit-Owner: Alexey Serbin <[email protected]> Gerrit-Reviewer: Alexey Serbin <[email protected]> Gerrit-Reviewer: Dan Burkert <[email protected]> Gerrit-Reviewer: Kudu Jenkins Gerrit-Reviewer: Todd Lipcon <[email protected]> Gerrit-HasComments: Yes
