mesos-reviews mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Benno Evers <bev...@mesosphere.com>
Subject Re: Review Request 70748: Disallow verification of empty TLS server certificates.
Date Fri, 07 Jun 2019 14:56:51 GMT


> On May 31, 2019, 3:05 p.m., Alexander Rukletsov wrote:
> > The code looks good to me. Thanks!
> > 
> > As part of this change, either here or in separate reviews, let us:
> > - call out the modification in the changelog;
> > - mention taken approach in MESOS-9791 and explain why (based on the discussion
we had with Jan-Philip Gehrcke);
> > - update SSL flags description, in particular calling out that `REQUIRE_CERT` is
applicable for client mode only;
> > - update SSL documentation, in particular introduce suggested configuration and
clarify the behaviour in client and server modes based on set arguments (based on the table
you showed me offline);
> > - send a message to the user list regarding the use of anonymous ciphers

I posted the updated SSL documentation as a separate review at https://reviews.apache.org/r/70810/


- Benno


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/70748/#review215616
-----------------------------------------------------------


On June 6, 2019, 11:12 p.m., Benno Evers wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/70748/
> -----------------------------------------------------------
> 
> (Updated June 6, 2019, 11:12 p.m.)
> 
> 
> Review request for mesos, Alexander Rukletsov, Jan-Philip Gehrcke, Joseph Wu, and Till
Toenshoff.
> 
> 
> Bugs: MESOS-9810
>     https://issues.apache.org/jira/browse/MESOS-9810
> 
> 
> Repository: mesos
> 
> 
> Description
> -------
> 
> When in SSL client mode and `LIBPROCESS_SSL_VERIFY_CERT=true` has
> been set, enforce that the server actually presents a certificate
> that can be verified.
> 
> Note that in most cases, the TLS stack would rejected the connection
> before the code ever reaches `openssl::verify()`, since the TLS
> specification that a server MUST always send a certificate unless
> an anonymous cipher is used.
> 
> 
> Diffs
> -----
> 
>   3rdparty/libprocess/src/openssl.hpp 17bec246e516261f8d772f1647c17f092fae82d1 
>   3rdparty/libprocess/src/openssl.cpp e7dbd67913fa8e7fbbf60dee428e7e38895f86ce 
>   3rdparty/libprocess/src/posix/libevent/libevent_ssl_socket.cpp 29a1bf71c1df9d80370455a6269ecea0ec4193b0

>   3rdparty/libprocess/src/tests/ssl_tests.cpp 6b8496aeeed79ae1bd39d7013f4f403b248fdd4c

> 
> 
> Diff: https://reviews.apache.org/r/70748/diff/2/
> 
> 
> Testing
> -------
> 
> 
> Thanks,
> 
> Benno Evers
> 
>


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message