mesos-reviews mailing list archives

From Benno Evers <>
Subject Re: Review Request 70748: Disallow verification of empty TLS server certificates.
Date Thu, 06 Jun 2019 23:12:40 GMT

This is an automatically generated e-mail. To reply, visit:

(Updated June 6, 2019, 11:12 p.m.)

Review request for mesos, Alexander Rukletsov, Jan-Philip Gehrcke, Joseph Wu, and Till Toenshoff.


Address review comments.

Bugs: MESOS-9810

Repository: mesos

Description (updated)

When in SSL client mode and `LIBPROCESS_SSL_VERIFY_CERT=true` has
been set, enforce that the server actually presents a certificate
that can be verified.

Note that in most cases, the TLS stack would reject the connection
before the code ever reaches `openssl::verify()`, since the TLS
specification states that a server MUST always send a certificate unless
an anonymous cipher is used.

Diffs (updated)

  3rdparty/libprocess/src/openssl.hpp 17bec246e516261f8d772f1647c17f092fae82d1 
  3rdparty/libprocess/src/openssl.cpp e7dbd67913fa8e7fbbf60dee428e7e38895f86ce 
  3rdparty/libprocess/src/posix/libevent/libevent_ssl_socket.cpp 29a1bf71c1df9d80370455a6269ecea0ec4193b0

  3rdparty/libprocess/src/tests/ssl_tests.cpp 6b8496aeeed79ae1bd39d7013f4f403b248fdd4c 





Benno Evers
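
The check described above, as an added example that is not part of the original e-mail and is not the Mesos code under review: a self-contained model of a post-handshake peer check in which a client with certificate verification enabled rejects a server that presented no certificate. `Peer`, `Flags`, `verify_peer` and `require_client_cert` are hypothetical names, and the `Peer` fields are constructed stand-ins for what OpenSSL's `SSL_get_peer_certificate()` and `SSL_get_verify_result()` would report.

```cpp
#include <string>

// Same numeric value as OpenSSL's X509_V_OK.
constexpr long kVerifyOk = 0;

enum class Mode { CLIENT, SERVER };

// Constructed stand-in for the state of a finished handshake.
struct Peer {
  bool has_cert;       // false when the peer sent no certificate
  long verify_result;  // chain validation result for the peer
};

struct Flags {
  bool verify_cert;          // models LIBPROCESS_SSL_VERIFY_CERT
  bool require_client_cert;  // hypothetical server-side policy switch
};

// Returns an empty string if the peer is accepted, otherwise the reason
// for rejecting it.
std::string verify_peer(Mode mode, const Flags& flags, const Peer& peer) {
  if (!flags.verify_cert) return "";

  if (!peer.has_cert) {
    // OpenSSL documents that SSL_get_verify_result() returns X509_V_OK
    // when no peer certificate was presented, so the verify result alone
    // cannot tell "valid certificate" from "no certificate".
    if (mode == Mode::CLIENT) return "server did not present a certificate";
    if (flags.require_client_cert) return "client did not present a certificate";
    return "";  // server mode with optional client certificates
  }

  if (peer.verify_result != kVerifyOk) return "certificate verification failed";
  return "";
}

int main() {
  Flags flags{true, false};
  Peer anonymous{false, kVerifyOk};  // e.g. an anonymous cipher was negotiated
  // Exit status 0 means the certificate-less server was rejected.
  return verify_peer(Mode::CLIENT, flags, anonymous).empty() ? 1 : 0;
}
```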
