mesos-reviews mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Benno Evers <bev...@mesosphere.com>
Subject Re: Review Request 70795: Updated SSL docs to include new libprocess flag.
Date Fri, 21 Jun 2019 11:09:28 GMT


> On June 21, 2019, 1:34 a.m., Till Toenshoff wrote:
> > docs/ssl.md
> > Lines 194 (patched)
> > <https://reviews.apache.org/r/70795/diff/3/?file=2151430#file2151430line194>
> >
> >     I wonder if we should already start a deprecation of the `libprocess` scheme
- that would be:
> >     - announcing that `openssl` will be standard soon on compatible boxes
> >     - announcing it to be gone at some point
> >     
> >     Or am I too eager for unification here?

It's actually a pretty big change - the 'libprocess' behaviour was built, I assume, to "magically"
work with normal certificates w/o IP addresses despite libprocess only knowing about IP addresses.
In DC/OS we don't notice most of it, since there all our certificates *do* contain the correct
IP address, but at least quite a few unit tests will break by switching the default.

So I actually agree we should do this deprecation, but I'm not sure about the timeline.


- Benno


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/70795/#review216020
-----------------------------------------------------------


On June 20, 2019, 5:27 p.m., Benno Evers wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/70795/
> -----------------------------------------------------------
> 
> (Updated June 20, 2019, 5:27 p.m.)
> 
> 
> Review request for mesos, Alexander Rukletsov, Jan-Philip Gehrcke, Joseph Wu, and Till
Toenshoff.
> 
> 
> Repository: mesos
> 
> 
> Description
> -------
> 
> Added a description of the new `--hostname_validation_algorithm` flag
> and corresponding `LIBPROCESS_SSL_HOSTNAME_VALIDATION_ALGORITHM`
> environment variable.
> 
> 
> Diffs
> -----
> 
>   docs/ssl.md ce5058896144aa7824986d40d996899d92cb7c1c 
> 
> 
> Diff: https://reviews.apache.org/r/70795/diff/3/
> 
> 
> Testing
> -------
> 
> 
> Thanks,
> 
> Benno Evers
> 
>


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message