[ https://issues.apache.org/jira/browse/MESOS-9972?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16934655#comment-16934655 ]
Benno Evers commented on MESOS-9972:
------------------------------------

https://reviews.apache.org/r/71497/

[master]
{noformat}
commit 9f1d38f491e8d9c02bebb094da87467bb70a8d27
Author: Benno Evers <bev...@mesosphere.com>
Date:   Tue Sep 17 14:04:35 2019 +0200

    Introduced new names for SSL-related libprocess flags.

    The `LIBPROCESS_SSL_REQUIRE_CERT` flag was renamed to
    `LIBPROCESS_SSL_REQUIRE_CLIENT_CERT`.

    The `LIBPROCESS_SSL_VERIFY_CERT` flag was renamed to
    `LIBPROCESS_SSL_VERIFY_SERVER_CERT`.

    The new names better describe the actual effect of both flags,
    and make upgrades easier by allowing operators to only enable
    verification on agents that are new enough to contain the
    updated hostname validation code paths.

    Review: https://reviews.apache.org/r/71497
{noformat}

[1.9]
{noformat}
commit a8325853a01c2dd597fabe84c437ecfd46fb9c0c
Author: Benno Evers <bev...@mesosphere.com>
Date:   Tue Sep 17 14:04:35 2019 +0200

    Introduced new names for SSL-related libprocess flags.

    The `LIBPROCESS_SSL_REQUIRE_CERT` flag was renamed to
    `LIBPROCESS_SSL_REQUIRE_CLIENT_CERT`.

    The `LIBPROCESS_SSL_VERIFY_CERT` flag was renamed to
    `LIBPROCESS_SSL_VERIFY_SERVER_CERT`.

    The new names better describe the actual effect of both flags,
    and make upgrades easier by allowing operators to only enable
    verification on agents that are new enough to contain the
    updated hostname validation code paths.

    Review: https://reviews.apache.org/r/71497
{noformat}

> Update Names for TLS-related environment variables in libprocess.
> -----------------------------------------------------------------
>
> Key: MESOS-9972
> URL: https://issues.apache.org/jira/browse/MESOS-9972
> Project: Mesos
> Issue Type: Improvement
> Reporter: Benno Evers
> Assignee: Benno Evers
> Priority: Major
> Labels: libprocess, ssl, tls
> Fix For: 1.10, 1.9.1
>
>
> The environment variables `LIBPROCESS_SSL_VERIFY_CERT` and
> `LIBPROCESS_SSL_REQUIRE_CERT` regularly cause confusion because they do not
> precisely describe their function.
> In particular, one might mistakenly assume that certificates are not required
> when setting `LIBPROCESS_SSL_REQUIRE_CERT=false`, or that all certificates
> are verified when `LIBPROCESS_SSL_VERIFY_CERT=true`.
> We should rename the options to `LIBPROCESS_SSL_VERIFY_SERVER_CERT` and
> `LIBPROCESS_SSL_REQUIRE_CLIENT_CERT` to make the semantics more clear.