mesos-reviews mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Till Toenshoff <toensh...@me.com>
Subject Re: Review Request 49401: Updated certificate validation to check 'IP Address' SAN.
Date Mon, 04 Jul 2016 16:09:50 GMT 

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/49401/
-----------------------------------------------------------

(Updated July 4, 2016, 4:09 p.m.)


Review request for mesos, Adam B, Albert Strasheim, Artem Harutyunyan, Joris Van Remoortere,
and Lukas Loesche.


Bugs: MESOS-5724
    https://issues.apache.org/jira/browse/MESOS-5724


Repository: mesos


Description (updated)
-------

Allows the verification of X509 certificates based on an IP address
instead of a hostname. Introduces a new environment variable;
\`SSL_VERIFY_IPADD\` which, when set to \`true\` will enable the
peer certificate verification to additionally rely on the IP
address of a connection.


Diffs (updated)
-----

  3rdparty/libprocess/src/libevent_ssl_socket.hpp 1dbdaa80d0726b3333caa1cefc89c57bb7609b64

  3rdparty/libprocess/src/libevent_ssl_socket.cpp 19d9ae59f1b474accaec924c4069c6b1ce995b46

  3rdparty/libprocess/src/openssl.hpp 7d5502545ec5f8c495bd1d3f58a0f4b71bcb3386 
  3rdparty/libprocess/src/openssl.cpp 0f62aa6ade1c95e506fd06aa4806557ba6583433 

Diff: https://reviews.apache.org/r/49401/diff/


Testing
-------

make check on OSX and various linux distros.


Thanks,

Till Toenshoff
Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message