[
https://issues.apache.org/jira/browse/MESOS-9811?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16867724#comment-16867724
]
Benno Evers commented on MESOS-9811:
------------------------------------
Review: https://reviews.apache.org/r/70749/
> Don't use reverse DNS for hostname validation
> ---------------------------------------------
>
> Key: MESOS-9811
> URL: https://issues.apache.org/jira/browse/MESOS-9811
> Project: Mesos
> Issue Type: Bug
> Reporter: Benno Evers
> Priority: Major
> Labels: foundations, libprocess, ssl
>
> Upon connection we first resolve the hostname and forget about it
> https://github.com/apache/mesos/blob/master/3rdparty/libprocess/src/http.cpp#L1462-L1504
> then later use reverse DNS on the remote address to get back a hostname
> https://github.com/apache/mesos/blob/4708c2a368e12a89669135f47777d0dd05d9b0b2/3rdparty/libprocess/src/posix/libevent/libevent_ssl_socket.cpp#L548-L556
> and verify the server certificate against *that*.
> Instead, we should verify the server certificate against the hostname that
> was used by the client to initiate the connection.
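
The two checks described in the issue, side by side, as an added example that is not Mesos or libprocess code. The DNS records, certificate names and function names are constructed for illustration, and wildcard matching is simplified to a single left-most label.

```python
# Added illustration; not libprocess code. All records and names are constructed.
FORWARD_DNS = {"master.example.test": "192.0.2.10"}           # A records
REVERSE_DNS = {"192.0.2.10": "host-10.hosting.example.test"}  # PTR records

# dNSName SAN entries of two certificates a peer might present (constructed).
CERT_FOR_REQUESTED_NAME = ["master.example.test"]
CERT_FOR_PTR_NAME = ["*.hosting.example.test"]


def san_matches(pattern, hostname):
    """Match one dNSName SAN against a hostname: exact match, or a single
    left-most wildcard label (simplified form of the RFC 6125 rule)."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def cert_valid_for(sans, hostname):
    return any(san_matches(s, hostname) for s in sans)


def verify_reverse_dns(requested, sans):
    """Behaviour described in the issue: the requested name is forgotten after
    resolution and the certificate is checked against the PTR name instead."""
    ip = FORWARD_DNS[requested]
    ptr_name = REVERSE_DNS.get(ip)
    return ptr_name is not None and cert_valid_for(sans, ptr_name)


def verify_requested(requested, sans):
    """Proposed behaviour: keep the name the client used and check against it."""
    _ip = FORWARD_DNS[requested]  # the address is only needed to connect
    return cert_valid_for(sans, requested)


if __name__ == "__main__":
    name = "master.example.test"
    for label, sans in (("cert for requested name", CERT_FOR_REQUESTED_NAME),
                        ("cert for PTR name", CERT_FOR_PTR_NAME)):
        print(label, "| reverse-DNS check:", verify_reverse_dns(name, sans),
              "| requested-name check:", verify_requested(name, sans))
```

With the reverse-DNS check the outcome depends on the PTR record rather than on the name the client asked for, so the two checks disagree on both certificates.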