mesos-reviews mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Alexander Rukletsov <ruklet...@gmail.com>
Subject Re: Review Request 70748: Disallow verification of empty TLS server certificates.
Date Fri, 31 May 2019 15:05:50 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/70748/#review215616
-----------------------------------------------------------



The code looks good to me. Thanks!

As part of this change, either here or in separate reviews, let us:
- call out the modification in the changelog;
- mention taken approach in MESOS-9791 and explain why (based on the discussion we had with
Jan-Philip Gehrcke);
- update SSL flags description, in particular calling out that `REQUIRE_CERT` is applicable
for client mode only;
- update SSL documentation, in particular introduce suggested configuration and clarify the
behaviour in client and server modes based on set arguments (based on the table you showed
me offline);
- send a message to the user list regarding the use of anonymous ciphers


3rdparty/libprocess/src/openssl.cpp
Lines 742-743 (patched)
<https://reviews.apache.org/r/70748/#comment302368>

    blank comment line please



3rdparty/libprocess/src/posix/libevent/libevent_ssl_socket.cpp
Lines 74-75 (patched)
<https://reviews.apache.org/r/70748/#comment302369>

    ouch?



3rdparty/libprocess/src/tests/ssl_tests.cpp
Lines 287-290 (patched)
<https://reviews.apache.org/r/70748/#comment302371>

    Can we also test that a client must *not* present a cert? I believe the answer is _no_,
but a TODO or a NOTE could be helpful.



3rdparty/libprocess/src/tests/ssl_tests.cpp
Lines 290 (patched)
<https://reviews.apache.org/r/70748/#comment302372>

    s/VerifyAnonymousCipher/NoAnonymousCipherIfVerify/



3rdparty/libprocess/src/tests/ssl_tests.cpp
Lines 296 (patched)
<https://reviews.apache.org/r/70748/#comment302373>

    Let's mention that `ADH-AES256-SHA` is an anonymous cipher and maybe even link https://www.openssl.org/docs/man1.0.2/man1/ciphers.html
?


- Alexander Rukletsov


On May 31, 2019, 2:34 p.m., Benno Evers wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/70748/
> -----------------------------------------------------------
> 
> (Updated May 31, 2019, 2:34 p.m.)
> 
> 
> Review request for mesos, Alexander Rukletsov, Jan-Philip Gehrcke, and Till Toenshoff.
> 
> 
> Bugs: MESOS-9791
>     https://issues.apache.org/jira/browse/MESOS-9791
> 
> 
> Repository: mesos
> 
> 
> Description
> -------
> 
> When in SSL client mode and `LIBPROCESS_SSL_VERIFY_CERT=true` has
> been set, enforce that the server actually presents a certificate
> that can be verified.
> 
> Note that in most cases, the TLS stack would rejected the connection
> before the code ever reaches `openssl::verify()`, since the TLS
> specification says that a server MUST always send a certificate
> unless an anonymous cipher is used.
> 
> 
> Diffs
> -----
> 
>   3rdparty/libprocess/src/openssl.hpp 17bec246e516261f8d772f1647c17f092fae82d1 
>   3rdparty/libprocess/src/openssl.cpp e7dbd67913fa8e7fbbf60dee428e7e38895f86ce 
>   3rdparty/libprocess/src/posix/libevent/libevent_ssl_socket.cpp 29a1bf71c1df9d80370455a6269ecea0ec4193b0

>   3rdparty/libprocess/src/tests/ssl_tests.cpp 6b8496aeeed79ae1bd39d7013f4f403b248fdd4c

> 
> 
> Diff: https://reviews.apache.org/r/70748/diff/1/
> 
> 
> Testing
> -------
> 
> 
> Thanks,
> 
> Benno Evers
> 
>


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message