[
https://issues.apache.org/jira/browse/MESOS-6981?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15838929#comment-15838929
]
Till Toenshoff commented on MESOS-6981:
---------------------------------------
The implementation should be straightforward. We would add a new SSL flag,
e.g. `LIBPROCESS_SSL_WEAK_VERIFY`.
Then we add
{noformat}
if (!ssl_flags->weak_verify) {
  return Nothing();
}
{noformat}
here
https://github.com/apache/mesos/blob/16f479d151d5a6554f8ebfcedfdc6b62dc7a0edb/3rdparty/libprocess/src/openssl.cpp#L646
> Allow disabling name based SSL checks
> -------------------------------------
>
> Key: MESOS-6981
> URL: https://issues.apache.org/jira/browse/MESOS-6981
> Project: Mesos
> Issue Type: Improvement
> Components: libprocess
> Reporter: Kevin Cox
> Labels: mesosphere, security
>
> Currently if you want to use verified certificates you need to enable
> validation by hostname or IP. However if you are running your own CA for
> these certificates it is often sufficient to verify solely based on the CA
> signature.
> For example if an admin wants to connect it is a pain to make sure that they
> always have a valid certificate for their IP or reverse DNS. It would be nice
> if the admin could be given a certificate that was trusted no matter where he
> is.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
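
The difference between the two checks discussed in this ticket, shown with the `openssl` command line rather than libprocess (an added example, not part of the ticket or the Mesos code base). A certificate that chains to the private CA passes a signature-only check from anywhere, and that check therefore accepts every certificate the CA has issued, whichever peer presents it; the name check rejects it for any host it does not name. The CA, the `admin-laptop` certificate and `master.example.internal` are constructed names, and the script assumes an `openssl` binary that supports `-verify_hostname`.

```shell
#!/bin/sh
# Added example: throwaway CA and certificate; every name here is constructed.
set -eu

# Create a private CA and one certificate whose only name is CN=admin-laptop.
make_pki() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=Example Private CA" \
    -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null
  openssl req -newkey rsa:2048 -nodes -subj "/CN=admin-laptop" \
    -keyout "$1/leaf.key" -out "$1/leaf.csr" 2>/dev/null
  openssl x509 -req -in "$1/leaf.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
    -set_serial 1 -days 1 -out "$1/leaf.pem" 2>/dev/null
}

# Signature-only check: does the certificate chain to our CA?
verify_ca_only() {
  openssl verify -CAfile "$1/ca.pem" "$1/leaf.pem" >/dev/null 2>&1
}

# Chain check plus a name check against the host we believe we are talking to.
verify_with_name() {
  openssl verify -CAfile "$1/ca.pem" -verify_hostname "$2" \
    "$1/leaf.pem" >/dev/null 2>&1
}

demo() {
  work=$(mktemp -d)
  make_pki "$work"
  verify_ca_only "$work" && echo "CA signature only: accepted"
  verify_with_name "$work" admin-laptop && echo "name admin-laptop: accepted"
  verify_with_name "$work" master.example.internal \
    || echo "name master.example.internal: rejected"
  rm -rf "$work"
}
demo
```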