Todd Lipcon has posted comments on this change.

Change subject: TLS-negotiation [7/n]: Add TLS helper classes for handling tunneled TLS handshakes
......................................................................

Patch Set 5:

(13 comments)

http://gerrit.cloudera.org:8080/#/c/5761/5/src/kudu/security/openssl_util.cc
File src/kudu/security/openssl_util.cc:

Line 127: case SSL_ERROR_SSL:
hrm, why call this out if it is just falling through?

http://gerrit.cloudera.org:8080/#/c/5761/5/src/kudu/security/ssl_factory.h
File src/kudu/security/ssl_factory.h:

Line 26: #include "kudu/security/tls_handshake.h"
necessary?

http://gerrit.cloudera.org:8080/#/c/5761/5/src/kudu/security/tls_context.cc
File src/kudu/security/tls_context.cc:

Line 102: handshake->ssl_ = SSL_new(ctx_.get());
can you add some check that handshake->ssl_ is nullptr here? otherwise you'd have a leak if you tried to use this twice on the same TlsHandshake

http://gerrit.cloudera.org:8080/#/c/5761/5/src/kudu/security/tls_context.h
File src/kudu/security/tls_context.h:

Line 32: class TlsContext {
a bit of class doc would be nice (i.e. this is one-per-server, more or less, not one-per-connection... corresponds to SSL_CTX, etc)

PS5, Line 52: bool is_server
generally not a fan of bool arguments since it's not super clear from the call site what they mean. perhaps an enum here?

http://gerrit.cloudera.org:8080/#/c/5761/5/src/kudu/security/tls_handshake.cc
File src/kudu/security/tls_handshake.cc:

Line 43: CHECK_NOTNULL(ssl_);
I think this causes an unused result warning on gcc - better just CHECK(ssl_). or below SSL_do_handshake(CHECK_NOTNULL(ssl_));

Line 77: CHECK_NOTNULL(ssl_);
same

PS5, Line 94: [] (X509* x) { X509_free(x); })
can't just use '&X509_free'? is it a preprocessor macro or something?

http://gerrit.cloudera.org:8080/#/c/5761/5/src/kudu/security/tls_handshake.h
File src/kudu/security/tls_handshake.h:

Line 38: public:
I think a constructor here which sets the fields to null (or just use field initializers below) would be nice

Line 61: // Returns true if the handshake process should continue.
hrm, is this redundant with the return value from Continue() above being Incomplete?

Line 75: // Owned SSL handle.
if it's owned, how come there is no dtor which does some SSL_free or anything?

http://gerrit.cloudera.org:8080/#/c/5761/5/src/kudu/security/tls_socket.cc
File src/kudu/security/tls_socket.cc:

Line 28: TlsSocket::TlsSocket(int fd, SSL* ssl)
hrm, why no dtor to free ssl_ in the case that shutdown didn't get called? or if you really require Shutdown to be called, a CHECK?

PS5, Line 96: resused
typo

--
To view, visit http://gerrit.cloudera.org:8080/5761
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-MessageType: comment
Gerrit-Change-Id: I6776dbdc488eee56f7273cdd8bcd2b2b8c1ffa04
Gerrit-PatchSet: 5
Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-Owner: Dan Burkert <danburk...@apache.org>
Gerrit-Reviewer: Adar Dembo <a...@cloudera.com>
Gerrit-Reviewer: Alexey Serbin <aser...@cloudera.com>
Gerrit-Reviewer: Kudu Jenkins
Gerrit-Reviewer: Sailesh Mukil <sail...@cloudera.com>
Gerrit-Reviewer: Todd Lipcon <t...@apache.org>
Gerrit-HasComments: Yes