Sailesh Mukil has posted comments on this change. Change subject: IMPALA-5800: Configure Squeasel's cipher suite and TLS version ......................................................................
Patch Set 2: (4 comments) http://gerrit.cloudera.org:8080/#/c/7679/1//COMMIT_MSG Commit Message: PS1, Line 10: https://github.com/cloudera/squeasel/commit/1e5f611 > It's the right commit - a bugfix for the previous one. I would add a reference to this as well, to avoid confusion: https://github.com/cloudera/squeasel/commit/70d3b5aa0e55aea2af1f552f1fb7e334b327c731 http://gerrit.cloudera.org:8080/#/c/7679/1/be/src/thirdparty/squeasel/squeasel.c File be/src/thirdparty/squeasel/squeasel.c: Line 4232: #endif > I don't think that's what happens - won't the 'else' branch below get taken Oops, brainfart, you're right. http://gerrit.cloudera.org:8080/#/c/7679/2/be/src/thirdparty/squeasel/squeasel.c File be/src/thirdparty/squeasel/squeasel.c: PS2, Line 4275: ctx->config[SSL_CIPHERS] In our case, this will never be NULL right? Since our ssl_cipher_list flag defaults to an empty string: https://github.com/apache/incubator-impala/blob/b70acf92bfe7acf69775818cc16369b7527dd5e2/be/src/service/impala-server.cc#L176-L180 Do we know how OpenSSL handles an empty string? I tried looking up the docs but couldn't find any references. http://gerrit.cloudera.org:8080/#/c/7679/2/be/src/util/webserver-test.cc File be/src/util/webserver-test.cc: PS2, Line 251: SslBadCipherSuite Thanks for adding the test. This shouldn't be called "SslBadCipherSuite" now though. Your call on whether you want to split the good test out or just have a more accommodating test name. -- To view, visit http://gerrit.cloudera.org:8080/7679 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-MessageType: comment Gerrit-Change-Id: I23fb17257098992c65e50c1e83a905c9a85db6a2 Gerrit-PatchSet: 2 Gerrit-Project: Impala-ASF Gerrit-Branch: master Gerrit-Owner: Henry Robinson <he...@cloudera.com> Gerrit-Reviewer: Henry Robinson <he...@cloudera.com> Gerrit-Reviewer: Sailesh Mukil <sail...@cloudera.com> Gerrit-HasComments: Yes