hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Yi Liu (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-11216) Improve Openssl library finding
Date Wed, 29 Oct 2014 14:26:34 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-11216?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14188392#comment-14188392
] 

Yi Liu commented on HADOOP-11216:
---------------------------------

Thanks Colin, there are two issues in current patch.
*1.*
{{set_find_shared_library_version}} is removed, then both shared library and static library
can be candidate, if there is no {{libcrypto.so}} (no suffix), but {{libcrypto.a}} exists,
then the static library will be used, it's not expected. I have confirmed the behavior in
my local environment.
We should only  find the shared library with no suffix.
*2.*
{quote}
It adds a compile-time check that the openssl version we're compiling against is not too old.
{quote}
This only check the header file, then there is potential issue:
User specify custom openssl and the version is enough new, so the header file passes check,
but there is no {{libcrypto.so}}, and {{bundle.openssl}} is set, then the old openssl shared
library in system path is bundled, that's not expected.
So we should also check the found openssl library is in the same location as the found openssl
header file.

> Improve Openssl library finding
> -------------------------------
>
>                 Key: HADOOP-11216
>                 URL: https://issues.apache.org/jira/browse/HADOOP-11216
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: security
>    Affects Versions: 2.6.0
>            Reporter: Yi Liu
>            Assignee: Colin Patrick McCabe
>         Attachments: HADOOP-11216.003.patch, HADOOP-11216.004.patch
>
>
> When we compile Openssl 1.0.0\(x\) or 1.0.1\(x\) using default options, there will be
{{libcrypto.so.1.0.0}} in output lib dir, so we expect this version suffix in cmake build
file
> {code}
> SET(STORED_CMAKE_FIND_LIBRARY_SUFFIXES CMAKE_FIND_LIBRARY_SUFFIXES)
> set_find_shared_library_version("1.0.0")
> SET(OPENSSL_NAME "crypto")
> ....
> {code}
> If we don't bundle the crypto shared library in Hadoop distribution, then Hadoop will
try to find crypto library in system path when running.
> But in real linux distribution, there may be no {{libcrypto.so.1.0.0}} or {{libcrypto.so}}
even the system embedded openssl is 1.0.1\(x\).  Then we need to make symbolic link.
> This JIRA is to improve the Openssl library finding.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message