Adar Dembo has posted comments on this change.
Change subject: WIP: KUDU-1889: support openssl 1.1
Patch Set 3:

PS3, Line 345: if (!req->req_info ||
> So is this safe to skip because sometime between 1.0.0 and 1.1.0, OpenSSL i
Whether or not it's safe is somewhat orthogonal: in OpenSSL 1.1 we can't access
these fields anymore, so even if we should check them, we can't.
Anyway, these checks are still live for pre-1.1.0 OpenSSL. Or maybe I'm
misunderstanding your question?

PS3, Line 114: OPENSSL_init_ssl(0, nullptr);
> What happens if the user application is buggy as per the check below, has a
I'm just going off the manpages, but yeah, the call is expected to be
idempotent. Notably, SSL_CTX_new() always returns not-null in 1.1 (because it
implicitly initializes the library), so we can't use that as a test to see if
someone else has initialized the library.
I didn't check the return value because I assumed that
SCOPED_OPENSSL_NO_PENDING_ERRORS would surface any error, as it does for the
various 1.0 initialization calls. I guess I could CHECK on it though.

PS3, Line 117: // In case the user's thread has left some error around, clear
> I think it might be crucial to keep it on top, doing the clean-up even if g
Okay. But we can't do that for 1.1; the library must be initialized before any
OpenSSL error-related calls, otherwise we may leak memory.

To view, visit http://gerrit.cloudera.org:8080/10436
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings
Gerrit-Owner: Adar Dembo <a...@cloudera.com>
Gerrit-Reviewer: Adar Dembo <a...@cloudera.com>
Gerrit-Reviewer: Alexey Serbin <aser...@cloudera.com>
Gerrit-Reviewer: Dan Burkert <danburk...@apache.org>
Gerrit-Reviewer: Todd Lipcon <t...@apache.org>
Gerrit-Comment-Date: Thu, 17 May 2018 21:48:37 +0000