Alexey Serbin has posted comments on this change. Change subject: KuduRPC integration with OpenSSL ......................................................................
Patch Set 4: (1 comment) http://gerrit.cloudera.org:8080/#/c/4789/4/src/kudu/util/net/ssl_socket.cc File src/kudu/util/net/ssl_socket.cc: PS4, Line 116: // Get the peer's hostname : Sockaddr peer_addr; : if (!GetPeerAddress(&peer_addr).ok()) { : return Status::NetworkError("Handshake failed: Could not retreive peer address"); : } : std::string peer_hostname; : RETURN_NOT_OK(peer_addr.LookupHostname(&peer_hostname)); : : // Verify if the hostname and the CommonName match. : if (!VerifyHost(peer_hostname, common_name)) { : return Status::NetworkError("Handshake failed: Could not verify host with certificate"); : } > Like Todd already mentioned above, there might be IP address or IP network Sailesh pointed to the fact that those X509_VERIFY_PARAM_set1_xxx() methods are not available on CentOS 6.6 since it uses OpenSSL version 1.0.1<something>, while the method mentioned appeared in OpenSSL starting version 1.0.2. What do you guys think about bringing in that X509_VERIFY_PARAM and related code from OpenSSL v1.0.2 into the Kudu sources and compiling/linking them in into libkudu_security when OPENSSL_VERSION_NUMBER shows it's 1.0.1 or an earlier version? -- To view, visit http://gerrit.cloudera.org:8080/4789 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-MessageType: comment Gerrit-Change-Id: I27167faa4e6a78e59b46093055b16682c93af0ea Gerrit-PatchSet: 4 Gerrit-Project: kudu Gerrit-Branch: master Gerrit-Owner: Sailesh Mukil <sail...@cloudera.com> Gerrit-Reviewer: Alexey Serbin <aser...@cloudera.com> Gerrit-Reviewer: Dan Burkert <danburk...@apache.org> Gerrit-Reviewer: Kudu Jenkins Gerrit-Reviewer: Sailesh Mukil <sail...@cloudera.com> Gerrit-Reviewer: Tidy Bot Gerrit-Reviewer: Todd Lipcon <t...@apache.org> Gerrit-HasComments: Yes
