Alexey Serbin has posted comments on this change. ( http://gerrit.cloudera.org:8080/16657 )
Change subject: Add option to enforce FIPS approved mode ...................................................................... Patch Set 4: (1 comment) http://gerrit.cloudera.org:8080/#/c/16657/4/src/kudu/security/openssl_util.cc File src/kudu/security/openssl_util.cc: http://gerrit.cloudera.org:8080/#/c/16657/4/src/kudu/security/openssl_util.cc@130 PS4, Line 130: if (getenv("KUDU_REQUIRE_FIPS_MODE")) { : CHECK(fips_mode) << ": FIPS mode require by environment variable " : "KUDU_REQUIRE_FIPS_MODE, but it is not enabled."; > I think there is a misunderstanding here. The DisableOpenSSLInitialization As another thought: if we have such a trouble determining whether KUDU_REQUIRE_FIPS_MODE should or should not affect client applications that have OpenSSL initialized by themselves, maybe it's a good sign that there should be no KUDU_REQUIRE_FIPS_MODE variable at all and these semantics should be enforces only in case of Kudu servers, i.e. this should be implemented as a gflag, not a env variable? -- To view, visit http://gerrit.cloudera.org:8080/16657 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: kudu Gerrit-Branch: master Gerrit-MessageType: comment Gerrit-Change-Id: I98a6a8b3330ea0b372b188690fadd4d312d8bf93 Gerrit-Change-Number: 16657 Gerrit-PatchSet: 4 Gerrit-Owner: Attila Bukor <[email protected]> Gerrit-Reviewer: Alexey Serbin <[email protected]> Gerrit-Reviewer: Andrew Wong <[email protected]> Gerrit-Reviewer: Attila Bukor <[email protected]> Gerrit-Reviewer: Grant Henke <[email protected]> Gerrit-Reviewer: Kudu Jenkins (120) Gerrit-Reviewer: Tidy Bot (241) Gerrit-Reviewer: Wenzhe Zhou <[email protected]> Gerrit-Comment-Date: Wed, 28 Oct 2020 19:58:44 +0000 Gerrit-HasComments: Yes
