mesos-reviews mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Michael Park" <mcyp...@gmail.com>
Subject Re: Review Request 29406: Introduce libevent ssl socket.
Date Mon, 15 Jun 2015 22:26:32 GMT


> On June 15, 2015, 5:28 p.m., Jojy Varghese wrote:
> > 3rdparty/libprocess/include/process/address.hpp, line 84
> > <https://reviews.apache.org/r/29406/diff/29/?file=984330#file984330line84>
> >
> >     There are a few "if family == INET" (or similar) in the code. By specializing
the net address structures on FAMILY, we will get rid of them. As most of the network structures
(socket for example)  are classified based on family, this should naturally fit into the overall
scheme.

I think we'll probably want a version-agnostic one as well as specialized ones if we care
about supporting the differences IPv4 and IPv6. `Boost.Asio` and the proposed networking library
for the C++ standard based on it provide `address`, `address_v4` and `address_v6` for example.
We could provide the same alternatives via template specializations, but my point is that
we'll probably want to keep the version-agnostic one for cases where we can't know or don't
care which version we have.


- Michael


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/29406/#review87936
-----------------------------------------------------------


On June 13, 2015, 9:23 a.m., Joris Van Remoortere wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/29406/
> -----------------------------------------------------------
> 
> (Updated June 13, 2015, 9:23 a.m.)
> 
> 
> Review request for mesos, Benjamin Hindman and Michael Park.
> 
> 
> Bugs: MESOS-1913
>     https://issues.apache.org/jira/browse/MESOS-1913
> 
> 
> Repository: mesos
> 
> 
> Description
> -------
> 
> Requires:
> configure --enable-libevent --enable-libevent-socket --enable-ssl
> New environment variables:
> ```
> SSL_ENABLED=(false|0,true|1)
> SSL_CERT_FILE=(path to certificate)
> SSL_KEY_FILE=(path to key)
> SSL_VERIFY_CERT=(false|0,true|1)
> SSL_REQUIRE_CERT=(false|0,true|1)
> SSL_VERIFY_DEPTH=(4)
> SSL_CA_DIR=(path to CA directory)
> SSL_CA_FILE=(path to CA file)
> SSL_CIPHERS=(accepted ciphers separated by ':')
> SSL_ENABLE_SSL_V2=(false|0,true|1)
> SSL_ENABLE_SSL_V3=(false|0,true|1)
> SSL_ENABLE_TLS_V1_0=(false|0,true|1)
> SSL_ENABLE_TLS_V1_1=(false|0,true|1)
> SSL_ENABLE_TLS_V1_2=(false|0,true|1)
> ```
> 
> Only TLSV1.2 is enabled by default.
> Use the `ENABLE_SSL_V*` and `ENABLE_TLS_V*` environment variables to open up more protocols.
> Use the `SSL_CIPHERS` environment variable to restrict or open up the supported ciphers.
> 
> 
> Diffs
> -----
> 
>   3rdparty/libprocess/Makefile.am 489ce359f383d819299335cbaa8c95724b0c6ac2 
>   3rdparty/libprocess/include/process/address.hpp 729f5cd7ea981e43a33c1fe9d99d58b906a31158

>   3rdparty/libprocess/include/process/socket.hpp b8c2274de535ac473e49a09165b601c96d3ebe8b

>   3rdparty/libprocess/src/libevent.hpp f6cc72178613a30446629532a773afccfd404212 
>   3rdparty/libprocess/src/libevent.cpp fb038597358135a06c1927d079cb7cb09fea7452 
>   3rdparty/libprocess/src/libevent_ssl_socket.hpp PRE-CREATION 
>   3rdparty/libprocess/src/libevent_ssl_socket.cpp PRE-CREATION 
>   3rdparty/libprocess/src/openssl.hpp PRE-CREATION 
>   3rdparty/libprocess/src/openssl.cpp PRE-CREATION 
>   3rdparty/libprocess/src/process.cpp aadd7bb0ae12b93336900c76d8d5aaa4421ea198 
>   3rdparty/libprocess/src/socket.cpp 0e1cebb19e21c706b152d35a0b8722924c971a35 
> 
> Diff: https://reviews.apache.org/r/29406/diff/
> 
> 
> Testing
> -------
> 
> make check (uses non-ssl socket)
> benchmarks using ssl sockets
> master, slave, framework, webui launch with ssl sockets
> 
> 
> Thanks,
> 
> Joris Van Remoortere
> 
>


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message