Attila Bukor has posted comments on this change. ( http://gerrit.cloudera.org:8080/16657 )
Change subject: Add option to enforce FIPS approved mode
......................................................................

Patch Set 6:

(2 comments)

http://gerrit.cloudera.org:8080/#/c/16657/4/src/kudu/security/openssl_util.cc
File src/kudu/security/openssl_util.cc:

http://gerrit.cloudera.org:8080/#/c/16657/4/src/kudu/security/openssl_util.cc@130
PS4, Line 130: #if OPENSSL_VERSION_NUMBER >= 0x10100000L
             : // The OPENSSL_init_ssl manpage [1] says "As of version 1.1.0 OpenSSL will
             : // automatically allocate all resources it needs so no explicit initialis
> Let's start with a simple question: what should be the behavior when KUDU_R

That's what I'm not sure about. On one hand, it would make sense that it crashes, as it's set to require, but on the other hand, the client application clearly indicated that it doesn't want Kudu to initialize OpenSSL, and Kudu should trust that OpenSSL is set up however the application wants to. In this case, these contradict each other.

http://gerrit.cloudera.org:8080/#/c/16657/6/src/kudu/security/openssl_util.cc
File src/kudu/security/openssl_util.cc:

http://gerrit.cloudera.org:8080/#/c/16657/6/src/kudu/security/openssl_util.cc@198
PS6, Line 198: CHECK(fips_mode) << "FIPS mode required by environment variable "
             : "KUDU_REQUIRE_FIPS_MODE, but it is not enabled.";
> Does it make sense to add a test to track regressions, if any? We have a p

Not sure. Are you suggesting to wrap the FIPS_mode() in another function call and mock it?

--
To view, visit http://gerrit.cloudera.org:8080/16657
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-MessageType: comment
Gerrit-Change-Id: I98a6a8b3330ea0b372b188690fadd4d312d8bf93
Gerrit-Change-Number: 16657
Gerrit-PatchSet: 6
Gerrit-Owner: Attila Bukor <[email protected]>
Gerrit-Reviewer: Alexey Serbin <[email protected]>
Gerrit-Reviewer: Andrew Wong <[email protected]>
Gerrit-Reviewer: Attila Bukor <[email protected]>
Gerrit-Reviewer: Grant Henke <[email protected]>
Gerrit-Reviewer: Kudu Jenkins (120)
Gerrit-Reviewer: Tidy Bot (241)
Gerrit-Reviewer: Wenzhe Zhou <[email protected]>
Gerrit-Comment-Date: Wed, 28 Oct 2020 19:18:52 +0000
Gerrit-HasComments: Yes
