Alexey Serbin has posted comments on this change. ( http://gerrit.cloudera.org:8080/16631 )
Change subject: Fix order of clearing and printing openssl error ...................................................................... Patch Set 3: (1 comment) http://gerrit.cloudera.org:8080/#/c/16631/3/src/kudu/security/tls_context.cc File src/kudu/security/tls_context.cc: http://gerrit.cloudera.org:8080/#/c/16631/3/src/kudu/security/tls_context.cc@249 PS3, Line 249: ERR_clear_error(); Is this still necessary to add ERR_clear_error() after calling GetOpenSSLError() above? I thought X509_verify_cert() put something into the error stack and X509NameToString() hit it with SCOPED_OPENSSL_NO_PENDING_ERRORS. As I can see, X509_STORE_CTX_get_error() is just an accessor to a field, so it wouldn't add anything new in there: https://github.com/openssl/openssl/blob/d1fb6b481b1d70932a1435f83eae10cc68edbe36/crypto/x509/x509_vfy.c#L2177-L2180 Or X509_STORE_CTX_get_error() is something else in CaseLogic's implementation? -- To view, visit http://gerrit.cloudera.org:8080/16631 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: kudu Gerrit-Branch: master Gerrit-MessageType: comment Gerrit-Change-Id: I3f78bdedce7a976a6e8117bb8683032dd917c626 Gerrit-Change-Number: 16631 Gerrit-PatchSet: 3 Gerrit-Owner: Attila Bukor <[email protected]> Gerrit-Reviewer: Alexey Serbin <[email protected]> Gerrit-Reviewer: Andrew Wong <[email protected]> Gerrit-Reviewer: Attila Bukor <[email protected]> Gerrit-Reviewer: Grant Henke <[email protected]> Gerrit-Reviewer: Kudu Jenkins (120) Gerrit-Comment-Date: Fri, 23 Oct 2020 15:24:20 +0000 Gerrit-HasComments: Yes
