mesos-reviews mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Alexander Rukletsov <ruklet...@gmail.com>
Subject Re: Review Request 70749: WIP: Use openssl hostname validation.
Date Tue, 04 Jun 2019 11:39:58 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/70749/#review215673
-----------------------------------------------------------




3rdparty/libprocess/src/openssl.cpp
Lines 142 (patched)
<https://reviews.apache.org/r/70749/#comment302457>

    Looks incomplete



3rdparty/libprocess/src/openssl.cpp
Lines 553-557 (patched)
<https://reviews.apache.org/r/70749/#comment302458>

    Please explain in the comment and also in the flag description why this choice.
    
    If you keep auto option, please log the changes to the flag value. Also it might make
sense to keep a separate variable for the actual value and keep user input unchanged (which
is not quite what we have done here).



3rdparty/libprocess/src/openssl.cpp
Lines 565-567 (patched)
<https://reviews.apache.org/r/70749/#comment302460>

    Hm, this is unfortunate. I wonder if we can use https://www.openssl.org/docs/manmaster/man3/SSL_get_verify_result.html
in combination with `SSL_VERIFY_NONE` to mimic the OR behaviour we currently have? Another
question is whether we need to support OR at all.



3rdparty/libprocess/src/posix/libevent/libevent_ssl_socket.cpp
Lines 530-533 (patched)
<https://reviews.apache.org/r/70749/#comment302461>

    Does it mean that hostname validation with the help of openssl is not supported for clients?


- Alexander Rukletsov


On May 31, 2019, 3:47 p.m., Benno Evers wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/70749/
> -----------------------------------------------------------
> 
> (Updated May 31, 2019, 3:47 p.m.)
> 
> 
> Review request for mesos, Alexander Rukletsov and Joseph Wu.
> 
> 
> Bugs: MESOS-9809
>     https://issues.apache.org/jira/browse/MESOS-9809
> 
> 
> Repository: mesos
> 
> 
> Description
> -------
> 
> WIP: Use openssl hostname validation.
> 
> 
> Diffs
> -----
> 
>   3rdparty/libprocess/include/process/ssl/flags.hpp f3483f97f93bb29117b2c78f0f2ed9735d9c4b3a

>   3rdparty/libprocess/src/openssl.hpp 17bec246e516261f8d772f1647c17f092fae82d1 
>   3rdparty/libprocess/src/openssl.cpp e7dbd67913fa8e7fbbf60dee428e7e38895f86ce 
>   3rdparty/libprocess/src/posix/libevent/libevent_ssl_socket.cpp 29a1bf71c1df9d80370455a6269ecea0ec4193b0

> 
> 
> Diff: https://reviews.apache.org/r/70749/diff/1/
> 
> 
> Testing
> -------
> 
> 
> Thanks,
> 
> Benno Evers
> 
>


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message