[kudu-CR](branch-1.9.x) [security] KUDU-2695 fix CheckOpenSSLInitialized()
Alexey Serbin has submitted this change and it was merged. ( http://gerrit.cloudera.org:8080/12464 ) Change subject: [security] KUDU-2695 fix CheckOpenSSLInitialized() .. [security] KUDU-2695 fix CheckOpenSSLInitialized() With OpenSSL 1.1.0, the CRYPTO_get_locking_callback() and the whole old threading API has been removed. With the new threading API in OpenSSL, there is no need to set locking callbacks. In other words, starting with OpenSSL 1.1.0, the library is initialized to be multithread-safe, and that's exactly what Kudu needs from the OpenSSL's initialization. Prior to this patch, the sample C++ Kudu client application from $KUDU_ROOT/examples/cpp with added call of KUDU_CHECK_OK(kudu::client::DisableOpenSSLInitialization()); would fail on Ubuntu 18.04 with error message like below: Bad status: Runtime error: Locking callback not initialized Prior to this patch, the sample Python Kudu client application from $KUDU_HOME/examples/python/basic-python-example/basic_example.py was failing exactly as reported in KUDU-2695. With this patch, the same modified C++ Kudu client application works fine at Ubuntu 18.04 (OpenSSL 1.1.0g, with packages libssl-dev:amd64@1.1.0g-2ubuntu4.3, libssl1.1:amd64@1.1.0g-2ubuntu4.3). The above mentioned Python example also works as intended with this fix. I also verified that the kudu CLI utility works fine and uses TLS wire encryption with this patch. Change-Id: Ica7cf22ef81bbeffd25ef2826d925c41b97dc2d8 Reviewed-on: http://gerrit.cloudera.org:8080/12445 Reviewed-by: Adar Dembo Tested-by: Kudu Jenkins (cherry picked from commit 1b138a06a4222ad822a2b5cf05dcd0bf988371ef) Reviewed-on: http://gerrit.cloudera.org:8080/12464 Reviewed-by: Andrew Wong --- M src/kudu/client/client-unittest.cc M src/kudu/security/openssl_util.cc 2 files changed, 43 insertions(+), 8 deletions(-) Approvals: Andrew Wong: Looks good to me, approved Kudu Jenkins: Verified -- To view, visit http://gerrit.cloudera.org:8080/12464 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: kudu Gerrit-Branch: branch-1.9.x Gerrit-MessageType: merged Gerrit-Change-Id: Ica7cf22ef81bbeffd25ef2826d925c41b97dc2d8 Gerrit-Change-Number: 12464 Gerrit-PatchSet: 2 Gerrit-Owner: Alexey Serbin Gerrit-Reviewer: Adar Dembo Gerrit-Reviewer: Alexey Serbin Gerrit-Reviewer: Andrew Wong Gerrit-Reviewer: Kudu Jenkins (120)
[kudu-CR](branch-1.9.x) [security] KUDU-2695 fix CheckOpenSSLInitialized()
Andrew Wong has posted comments on this change. ( http://gerrit.cloudera.org:8080/12464 ) Change subject: [security] KUDU-2695 fix CheckOpenSSLInitialized() .. Patch Set 1: Code-Review+2 -- To view, visit http://gerrit.cloudera.org:8080/12464 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: kudu Gerrit-Branch: branch-1.9.x Gerrit-MessageType: comment Gerrit-Change-Id: Ica7cf22ef81bbeffd25ef2826d925c41b97dc2d8 Gerrit-Change-Number: 12464 Gerrit-PatchSet: 1 Gerrit-Owner: Alexey Serbin Gerrit-Reviewer: Adar Dembo Gerrit-Reviewer: Andrew Wong Gerrit-Reviewer: Kudu Jenkins (120) Gerrit-Comment-Date: Wed, 13 Feb 2019 00:57:42 + Gerrit-HasComments: No
[kudu-CR](branch-1.9.x) [security] KUDU-2695 fix CheckOpenSSLInitialized()
Hello Kudu Jenkins, Adar Dembo, I'd like you to do a code review. Please visit http://gerrit.cloudera.org:8080/12464 to review the following change. Change subject: [security] KUDU-2695 fix CheckOpenSSLInitialized() .. [security] KUDU-2695 fix CheckOpenSSLInitialized() With OpenSSL 1.1.0, the CRYPTO_get_locking_callback() and the whole old threading API has been removed. With the new threading API in OpenSSL, there is no need to set locking callbacks. In other words, starting with OpenSSL 1.1.0, the library is initialized to be multithread-safe, and that's exactly what Kudu needs from the OpenSSL's initialization. Prior to this patch, the sample C++ Kudu client application from $KUDU_ROOT/examples/cpp with added call of KUDU_CHECK_OK(kudu::client::DisableOpenSSLInitialization()); would fail on Ubuntu 18.04 with error message like below: Bad status: Runtime error: Locking callback not initialized Prior to this patch, the sample Python Kudu client application from $KUDU_HOME/examples/python/basic-python-example/basic_example.py was failing exactly as reported in KUDU-2695. With this patch, the same modified C++ Kudu client application works fine at Ubuntu 18.04 (OpenSSL 1.1.0g, with packages libssl-dev:amd64@1.1.0g-2ubuntu4.3, libssl1.1:amd64@1.1.0g-2ubuntu4.3). The above mentioned Python example also works as intended with this fix. I also verified that the kudu CLI utility works fine and uses TLS wire encryption with this patch. Change-Id: Ica7cf22ef81bbeffd25ef2826d925c41b97dc2d8 Reviewed-on: http://gerrit.cloudera.org:8080/12445 Reviewed-by: Adar Dembo Tested-by: Kudu Jenkins (cherry picked from commit 1b138a06a4222ad822a2b5cf05dcd0bf988371ef) --- M src/kudu/client/client-unittest.cc M src/kudu/security/openssl_util.cc 2 files changed, 43 insertions(+), 8 deletions(-) git pull ssh://gerrit.cloudera.org:29418/kudu refs/changes/64/12464/1 -- To view, visit http://gerrit.cloudera.org:8080/12464 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: kudu Gerrit-Branch: branch-1.9.x Gerrit-MessageType: newchange Gerrit-Change-Id: Ica7cf22ef81bbeffd25ef2826d925c41b97dc2d8 Gerrit-Change-Number: 12464 Gerrit-PatchSet: 1 Gerrit-Owner: Alexey Serbin Gerrit-Reviewer: Adar Dembo Gerrit-Reviewer: Kudu Jenkins (120)