mesos-reviews mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Till Toenshoff <toensh...@me.com>
Subject Re: Review Request 49401: Updated certificate validation to check 'IP Address' SAN.
Date Thu, 30 Jun 2016 13:40:21 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/49401/
-----------------------------------------------------------

(Updated June 30, 2016, 1:40 p.m.)


Review request for mesos, Adam B, Albert Strasheim, Artem Harutyunyan, Joris Van Remoortere,
and Lukas Loesche.


Bugs: MESOS-5724
    https://issues.apache.org/jira/browse/MESOS-5724


Repository: mesos


Description
-------

Allows the verification of X509 certificates based on an IP address
instead of a hostname. Introduces a new environment variable;
`SSL_VERIFY_IPADD` which, when set to `true` will disable any
attempts to reverse-/lookup the hostname for certificate validation.
Instead the peer certificate verification then relies on the IP
address of a connection.


Diffs (updated)
-----

  3rdparty/libprocess/src/libevent_ssl_socket.hpp 1dbdaa8 
  3rdparty/libprocess/src/libevent_ssl_socket.cpp 19d9ae5 
  3rdparty/libprocess/src/openssl.hpp 7d55025 
  3rdparty/libprocess/src/openssl.cpp 0f62aa6 

Diff: https://reviews.apache.org/r/49401/diff/


Testing
-------

make check on OSX and various linux distros.


Thanks,

Till Toenshoff


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message