Dan Burkert has posted comments on this change. ( http://gerrit.cloudera.org:8080/10436 )

Change subject: WIP: KUDU-1889: support openssl 1.1
......................................................................


Patch Set 3:

(4 comments)

http://gerrit.cloudera.org:8080/#/c/10436/3/src/kudu/security/ca/cert_management.cc
File src/kudu/security/ca/cert_management.cc:

http://gerrit.cloudera.org:8080/#/c/10436/3/src/kudu/security/ca/cert_management.cc@345
PS3, Line 345:   if (!req->req_info ||
So is this safe to skip because sometime between 1.0.0 and 1.1.0, OpenSSL is 
now able to handle such a corrupted CSR properly by returning nullptr from 
X509_REQ_get_pubkey?  The manpage for 1.1.0 says this is the case, but that 
manpage doesn't exist for < 1.1.0 afaict.


http://gerrit.cloudera.org:8080/#/c/10436/3/src/kudu/security/crypto.cc
File src/kudu/security/crypto.cc:

http://gerrit.cloudera.org:8080/#/c/10436/3/src/kudu/security/crypto.cc@94
PS3, Line 94:   static constexpr auto kFreeFunc = &EVP_MD_CTX_free;
I get the feeling that the OpenSSL developers are intentionally fucking with 
developers.


http://gerrit.cloudera.org:8080/#/c/10436/3/src/kudu/security/openssl_util.cc
File src/kudu/security/openssl_util.cc:

http://gerrit.cloudera.org:8080/#/c/10436/3/src/kudu/security/openssl_util.cc@98
PS3, Line 98: initialisation
ah this explains the misanthropy


http://gerrit.cloudera.org:8080/#/c/10436/3/src/kudu/security/openssl_util.cc@114
PS3, Line 114:   OPENSSL_init_ssl(0, nullptr);
What happens if the user application is buggy as per the check below, has 
already initialized OpenSSL either implicitly or explicitly, and then we 
initialize explicitly here? (I checked the man page and it implies idempotency, 
so I suspect it's fine)

Related, there's a return integer from OPENSSL_init_ssl, should it be checked?



--
To view, visit http://gerrit.cloudera.org:8080/10436
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-MessageType: comment
Gerrit-Change-Id: If1e1c57b5563d1a4cd926b4c4a9a3c271460be04
Gerrit-Change-Number: 10436
Gerrit-PatchSet: 3
Gerrit-Owner: Adar Dembo <a...@cloudera.com>
Gerrit-Reviewer: Adar Dembo <a...@cloudera.com>
Gerrit-Reviewer: Alexey Serbin <aser...@cloudera.com>
Gerrit-Reviewer: Dan Burkert <danburk...@apache.org>
Gerrit-Reviewer: Todd Lipcon <t...@apache.org>
Gerrit-Comment-Date: Thu, 17 May 2018 18:32:56 +0000
Gerrit-HasComments: Yes
