Update OpenSSL #8956
Merged
Update OpenSSL #8956
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Can we downgrade to 1.1.1 stable instead and wait for official 3.0.0 release (it's not even a beta yet) |
|
First I will finish this PR to see what will change. Then we can consider downgrading. |
|
Update of OpenSSL did not solve the TSan report: https://clickhouse-test-reports.s3.yandex.net/8956/b4d3ed83403033bdb293bd40f7f9055a6cf0d711/functional_stateless_tests_(thread)/stderr.log |
|
Performance test Ok. |
|
01017_uniqCombined_memory_usage
|
|
Update did not help. |
|
The issue is fixed. No errors after |
alexey-milovidov
added
the
pr-bugfix
|
Cannot provide an automated test case. It does not quickly reproduce even if I run in parallel. |
|
Now I will try to replace it with version 1.1.1. |
nikitamikhaylov
pushed a commit
that referenced
this pull request
Feb 28, 2020
Update OpenSSL (cherry picked from commit 86a4cca)
nikitamikhaylov
pushed a commit
that referenced
this pull request
Feb 28, 2020
Update OpenSSL (cherry picked from commit 86a4cca)
nikitamikhaylov
pushed a commit
that referenced
this pull request
Feb 29, 2020
Update OpenSSL (cherry picked from commit 86a4cca)
This was referenced Apr 24, 2020
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Changelog category (leave one):
Changelog entry (a user-readable short description of the changes that goes to CHANGELOG.md):
Update OpenSSL to upstream master. Fixed the issue when TLS connections may fail with the message
OpenSSL SSL_read: error:14094438:SSL routines:ssl3_read_bytes:tlsv1 alert internal errorandSSL Exception: error:2400006E:random number generator::error retrieving entropy. The issue was present in version 20.1.Detailed description:
OpenSSL is using
getrandommethod on newer kernels and/dev/randomon old kernels. The functiongetrandomfromlibcis linked if it is present and it compromises the portability of the built binary. If we just disable thegetrandommethod in configuration, OpenSSL will fallback to/dev/randomwhich is also considered Ok. But in fact, on newer Linux kernels,/dev/randomcannot provide sufficient amount of entropy (whilegetrandomguarantee to succeed). To fix this issue while maintaining portability, we refergetrandomnot while static link stage but with dynamic symbol lookup (this method is also supported by OpenSSL). See the following patch: https://github.com/ClickHouse-Extras/openssl/pull/2/files