mesos-reviews mailing list archives

From Till Toenshoff <toensh...@me.com>
Subject Re: Review Request 49400: Extended utilities to render certificate extension for IP.
Date Thu, 30 Jun 2016 19:37:58 GMT


> On June 30, 2016, 2:51 p.m., Joris Van Remoortere wrote:
> > 3rdparty/libprocess/src/ssl/utilities.cpp, lines 240-243
> > <https://reviews.apache.org/r/49400/diff/1/?file=1433533#file1433533line240>
> >
> >     I'm not sure I understand why this works.
> >     `in_addr.get().s_addr` is a uint. Aren't we supposed to be copying a string in this case?
> >     
> >     If it *is* supposed to be a binary IP this definitely deserves a comment. The documentation doesn't make it clear to me that this can be binary instead of a string.
> 
> Till Toenshoff wrote:
>     It is indeed a binary.

See the OpenSSL sources: https://github.com/openssl/openssl/blob/master/crypto/x509v3/v3_alt.c#L101
See e.g. this implementation: http://bxr.su/OpenBSD/regress/lib/libtls/verify/verifytest.c#136


- Till


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/49400/#review140164
-----------------------------------------------------------


On June 30, 2016, 12:19 a.m., Till Toenshoff wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/49400/
> -----------------------------------------------------------
> 
> (Updated June 30, 2016, 12:19 a.m.)
> 
> 
> Review request for mesos, Adam B, Albert Strasheim, Artem Harutyunyan, Joris Van Remoortere, and Lukas Loesche.
> 
> 
> Bugs: MESOS-5724
>     https://issues.apache.org/jira/browse/MESOS-5724
> 
> 
> Repository: mesos
> 
> 
> Description
> -------
> 
> Adds the ability to render a subject alternative name based on a given
> IP address within an X509 certificate extension. Additionally the
> libprocess test suite makes use of this feature.
> 
> 
> Diffs
> -----
> 
>   3rdparty/libprocess/include/process/ssl/gtest.hpp 5435ddd 
>   3rdparty/libprocess/include/process/ssl/utilities.hpp ad9ec5d 
>   3rdparty/libprocess/src/ssl/utilities.cpp d23f462 
> 
> Diff: https://reviews.apache.org/r/49400/diff/
> 
> 
> Testing
> -------
> 
> make check on OSX and various Linux distros.
> 
> Functional testing by validating a rendered certificate;
> 
> ```
> openssl x509 -text -noout -in "temp_cert_file_name"
> ```
> 
> 
> Thanks,
> 
> Till Toenshoff
> 
>
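
The point settled in the reply above, that an X509 iPAddress subject alternative name carries the raw address octets rather than the dotted text, shown as an added example that is not part of the original message or of the Mesos patch. The helper names `encode_ip_san` and `ip_san_matches` are assumptions made for illustration, and the sample addresses are constructed.

```c
#include <arpa/inet.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helpers for illustration; not libprocess or OpenSSL APIs. */

/* Encode a textual IPv4/IPv6 address as a DER GeneralName iPAddress:
 * tag 0x87 ([7] IMPLICIT OCTET STRING), length 4 or 16, then the raw
 * octets in network byte order. Returns bytes written, or -1 on error. */
int encode_ip_san(const char *text, unsigned char *out, size_t cap)
{
    unsigned char addr[16];
    size_t len;

    if (inet_pton(AF_INET, text, addr) == 1)
        len = 4;
    else if (inet_pton(AF_INET6, text, addr) == 1)
        len = 16;
    else
        return -1;              /* hostnames and malformed input are rejected */
    if (cap < len + 2)
        return -1;              /* output buffer too small */
    out[0] = 0x87;
    out[1] = (unsigned char)len;
    memcpy(out + 2, addr, len);
    return (int)(len + 2);
}

/* Verifier side: compare the SAN content octets with the peer address in
 * binary form. A SAN that was filled with the text "127.0.0.1" holds nine
 * octets and therefore never matches. */
int ip_san_matches(const unsigned char *san, size_t san_len, const char *peer)
{
    unsigned char enc[18];
    int n = encode_ip_san(peer, enc, sizeof(enc));
    return n > 0 && san_len == (size_t)n - 2 &&
           memcmp(san, enc + 2, san_len) == 0;
}

int main(void)
{
    unsigned char der[18];
    int n = encode_ip_san("127.0.0.1", der, sizeof(der)); /* constructed sample */
    for (int i = 0; i < n; i++)
        printf("%02x ", der[i]);
    printf("\n");
    return 0;
}
```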

