[ https://issues.apache.org/jira/browse/MESOS-9493?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16725172#comment-16725172 ]

Till Toenshoff commented on MESOS-9493:
---------------------------------------

Additionally, we can skip that {{gethostname}} altogether when the peer 
certificate verification was based purely on the IP address; 
https://github.com/apache/mesos/blob/8344f303ffd6429ffa781e7fd7de5d00d9946d78/3rdparty/libprocess/src/openssl.cpp#L99-L103

> libprocess may skip gethostname when accepting connections.
> -----------------------------------------------------------
>
>                 Key: MESOS-9493
>                 URL: https://issues.apache.org/jira/browse/MESOS-9493
>             Project: Mesos
>          Issue Type: Improvement
>    Affects Versions: 1.8.0
>            Reporter: Till Toenshoff
>            Priority: Major
>
> libprocess, when accepting incoming connections on SSL/libevent builds, does 
> attempt to retrieve the hostname for the peer address;
> https://github.com/apache/mesos/blob/8344f303ffd6429ffa781e7fd7de5d00d9946d78/3rdparty/libprocess/src/posix/libevent/libevent_ssl_socket.cpp#L1158-L1168
> The motivation for that step is the peer certificate verification, possibly 
> happening later in that process; 
> https://github.com/apache/mesos/blob/8344f303ffd6429ffa781e7fd7de5d00d9946d78/3rdparty/libprocess/src/posix/libevent/libevent_ssl_socket.cpp#L441
> The peer certificate verification however is optional and switched off by 
> default: 
> https://github.com/apache/mesos/blob/8344f303ffd6429ffa781e7fd7de5d00d9946d78/3rdparty/libprocess/src/openssl.cpp#L88-L97
> As an optimisation, we could skip the retrieval of the hostname when 
> certificate verification was disabled.


