mesos-reviews mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Benno Evers <bev...@mesosphere.com>
Subject Re: Review Request 71497: Introduced new names for SSL-related libprocess flags.
Date Wed, 18 Sep 2019 12:53:50 GMT


> On Sept. 18, 2019, 9:50 a.m., Till Toenshoff wrote:
> > 3rdparty/libprocess/src/openssl.cpp
> > Lines 545-547 (patched)
> > <https://reviews.apache.org/r/71497/diff/1/?file=2165499#file2165499line545>
> >
> >     We are stating that there would be a deprecation; does that mean at some point
this flag won't work anymore? If so when?
> >     
> >     Our experience with such changes shows that we will very likely never kill the
old name to make sure we stay reliably compatible. The only realistic option appears to be
Mesos 2.0 for a removal of the old flag. Let's create a blocker ticket for 2.0, add that as
a comment referencing the JIRA and we are golden.

https://issues.apache.org/jira/browse/MESOS-9973


- Benno


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/71497/#review217787
-----------------------------------------------------------


On Sept. 18, 2019, 12:35 p.m., Benno Evers wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/71497/
> -----------------------------------------------------------
> 
> (Updated Sept. 18, 2019, 12:35 p.m.)
> 
> 
> Review request for mesos, Greg Mann and Till Toenshoff.
> 
> 
> Bugs: MESOS-9972
>     https://issues.apache.org/jira/browse/MESOS-9972
> 
> 
> Repository: mesos
> 
> 
> Description
> -------
> 
> The `LIBPROCESS_SSL_REQUIRE_CERT` flag was renamed to
> `LIBPROCESS_SSL_REQUIRE_CLIENT_CERT`.
> 
> The `LIBPROCESS_SSL_VERIFY_CERT` flag was renamed to
> `LIBPROCESS_SSL_VERIFY_SERVER_CERT`.
> 
> The new names better describe the actual effect of both flags, and
> make upgrades easier by allowing operators to only enable verification
> on agents that are new enough to contain the updated hostname
> validation code paths.
> 
> 
> Diffs
> -----
> 
>   3rdparty/libprocess/include/process/ssl/flags.hpp 1a0e3820cc8cd1459625f46a54b194133500f11e

>   3rdparty/libprocess/src/openssl.hpp 271cc95238d287c06df36478554502e8b7205b09 
>   3rdparty/libprocess/src/openssl.cpp 5854711971c9ebc4d676edc43af5ab5cfd5ea4c6 
>   3rdparty/libprocess/src/tests/ssl_tests.cpp 9d5ab679165a709f7c3740020961ec89a7db4f54

>   docs/ssl.md 90a2eb9800b7d8d9aa9d7b1060a6e5eb9e124b02 
>   docs/upgrades.md e630731c332fdd7df788f96644a8084f30b5c621 
> 
> 
> Diff: https://reviews.apache.org/r/71497/diff/3/
> 
> 
> Testing
> -------
> 
> 
> Thanks,
> 
> Benno Evers
> 
>


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message