Alexey Serbin has posted comments on this change. ( http://gerrit.cloudera.org:8080/16657 )
Change subject: Add option to enforce FIPS approved mode ...................................................................... Patch Set 4: (1 comment) http://gerrit.cloudera.org:8080/#/c/16657/4/src/kudu/security/openssl_util.cc File src/kudu/security/openssl_util.cc: http://gerrit.cloudera.org:8080/#/c/16657/4/src/kudu/security/openssl_util.cc@130 PS4, Line 130: if (getenv("KUDU_REQUIRE_FIPS_MODE")) { : CHECK(fips_mode) << ": FIPS mode require by environment variable " : "KUDU_REQUIRE_FIPS_MODE, but it is not enabled."; If this is so important in case if Kudu initialized the OpenSSL library, I guess this check should also be performed in the control flow where the OpenSSL is initialized by the application itself (e.g., consider some Python app which uses Kudu client or a Kudu C++ application which uses Kudu C++ client). Probably, the check for this invariant should be performed regardless of the g_disable_ssl_init's value, no? -- To view, visit http://gerrit.cloudera.org:8080/16657 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: kudu Gerrit-Branch: master Gerrit-MessageType: comment Gerrit-Change-Id: I98a6a8b3330ea0b372b188690fadd4d312d8bf93 Gerrit-Change-Number: 16657 Gerrit-PatchSet: 4 Gerrit-Owner: Attila Bukor <[email protected]> Gerrit-Reviewer: Alexey Serbin <[email protected]> Gerrit-Reviewer: Andrew Wong <[email protected]> Gerrit-Reviewer: Attila Bukor <[email protected]> Gerrit-Reviewer: Grant Henke <[email protected]> Gerrit-Reviewer: Kudu Jenkins (120) Gerrit-Reviewer: Tidy Bot (241) Gerrit-Reviewer: Wenzhe Zhou <[email protected]> Gerrit-Comment-Date: Tue, 27 Oct 2020 19:01:12 +0000 Gerrit-HasComments: Yes
