You are viewing a plain text version of this content. The canonical link for it is here.
Posted to reviews@kudu.apache.org by "Attila Bukor (Code Review)" <ge...@cloudera.org> on 2020/10/27 15:26:36 UTC
[kudu-CR] Add lock before verifying signature
Hello Alexey Serbin, Kudu Jenkins, Grant Henke, Wenzhe Zhou,
I'd like you to reexamine a change. Please visit
http://gerrit.cloudera.org:8080/16659
to look at the new patch set (#2).
Change subject: Add lock before verifying signature
......................................................................
Add lock before verifying signature
It seems there is a race condition somewhere in OpenSSL FIPS Object
Module, or at least in SafeLogic CryptoComply for Servers, as a
certificate can get corrupted when multiple certificates are being
verified in the same time. This commits adds additional locking to
crypto and TLS context/handshake to prevent this from happening.
Change-Id: Ifafc7dcf91db910123276b657515e410bb7f6fcd
---
M src/kudu/security/crypto.cc
M src/kudu/security/tls_context.cc
M src/kudu/security/tls_handshake.cc
3 files changed, 32 insertions(+), 0 deletions(-)
git pull ssh://gerrit.cloudera.org:29418/kudu refs/changes/59/16659/2
--
To view, visit http://gerrit.cloudera.org:8080/16659
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings
Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-MessageType: newpatchset
Gerrit-Change-Id: Ifafc7dcf91db910123276b657515e410bb7f6fcd
Gerrit-Change-Number: 16659
Gerrit-PatchSet: 2
Gerrit-Owner: Attila Bukor <ab...@apache.org>
Gerrit-Reviewer: Alexey Serbin <as...@cloudera.com>
Gerrit-Reviewer: Attila Bukor <ab...@apache.org>
Gerrit-Reviewer: Grant Henke <gr...@apache.org>
Gerrit-Reviewer: Kudu Jenkins (120)
Gerrit-Reviewer: Wenzhe Zhou <wz...@cloudera.com>