Alexey Serbin has posted comments on this change. ( http://gerrit.cloudera.org:8080/16657 )
Change subject: KUDU-3210 Add option to enforce FIPS approved mode
......................................................................

Patch Set 11: Code-Review+1

(1 comment)

Overall looks good, the only question left is about clearing errors which might be left from a Kudu application that initialized openssl but didn't clear the error stack as needed (say, didn't do proper error handling of openssl errors).

http://gerrit.cloudera.org:8080/#/c/16657/11/src/kudu/security/openssl_util.cc
File src/kudu/security/openssl_util.cc:

http://gerrit.cloudera.org:8080/#/c/16657/11/src/kudu/security/openssl_util.cc@160
PS11, Line 160: // In case the user's thread has left some error around, clear it.
              : ERR_clear_error();
              : SCOPED_OPENSSL_NO_PENDING_ERRORS;
I didn't notice that in the previous review round, but it seems the previous version of the code did this clean-up if the library was initialized externally. If those errors are left on OpenSSL's error stack, openssl_util might hit those with the SCOPED_OPENSSL_NO_PENDING_ERRORS check even if those errors are irrelevant.

That was introduced here: https://github.com/apache/kudu/commit/5f1ca4f3948a61b22946255e4ada895c77bc6adf#diff-c9f685fcd94c68485fe3abda7982e97f6b4ced85d48de9fc72b90aa2d72dd02dR87-R89

Maybe, we need to keep this? I don't see any tests failing, but I guess we don't have a test case to cover this edge case. And I guess the placement of these lines before the 'if (g_disable_ssl_init)' check was intentional.

--
To view, visit http://gerrit.cloudera.org:8080/16657
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-MessageType: comment
Gerrit-Change-Id: I98a6a8b3330ea0b372b188690fadd4d312d8bf93
Gerrit-Change-Number: 16657
Gerrit-PatchSet: 11
Gerrit-Owner: Attila Bukor <[email protected]>
Gerrit-Reviewer: Alexey Serbin <[email protected]>
Gerrit-Reviewer: Andrew Wong <[email protected]>
Gerrit-Reviewer: Attila Bukor <[email protected]>
Gerrit-Reviewer: Grant Henke <[email protected]>
Gerrit-Reviewer: Kudu Jenkins (120)
Gerrit-Reviewer: Tidy Bot (241)
Gerrit-Reviewer: Wenzhe Zhou <[email protected]>
Gerrit-Comment-Date: Fri, 30 Oct 2020 18:58:12 +0000
Gerrit-HasComments: Yes
