Re: Review Request 29406: Introduce libevent ssl socket.

Tue, 09 Jun 2015 06:30:18 -0700 

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/29406/
-----------------------------------------------------------

(Updated June 9, 2015, 1:29 p.m.)


Review request for Benjamin Hindman and Michael Park.


Changes
-------

move ssl flags into header for external access.
Use `SSL_ENABLED=(false|0,true|1)` instead of USE_SSL


Bugs: MESOS-1913
    https://issues.apache.org/jira/browse/MESOS-1913


Repository: mesos


Description
-------

Requires:
configure --enable-libevent --enable-libevent-socket --enable-ssl
New environment variables:
```
SSL_CERT_FILE=(path to certificate)
SSL_KEY_FILE=(path to key)
SSL_VERIFY_CERT=(false|0,true|1)
SSL_REQUIRE_CERT=(false|0,true|1)
SSL_VERIFY_DEPTH=(4)
SSL_CA_DIR=(path to CA directory)
SSL_CA_FILE=(path to CA file)
SSL_CIPHERS=(accepted ciphers separated by ':')
SSL_ENABLE_SSL_V2=(false|0,true|1)
SSL_ENABLE_SSL_V3=(false|0,true|1)
SSL_ENABLE_TLS_V1_0=(false|0,true|1)
SSL_ENABLE_TLS_V1_1=(false|0,true|1)
SSL_ENABLE_TLS_V1_2=(false|0,true|1)
```

Only TLSV1.2 is enabled by default.
Use the `ENABLE_SSL_V*` and `ENABLE_TLS_V*` environment variables to open up 
more protocols.
Use the `SSL_CIPHERS` environment variable to restrict or open up the supported 
ciphers.


Diffs (updated)
-----

  3rdparty/libprocess/Makefile.am 489ce359f383d819299335cbaa8c95724b0c6ac2 
  3rdparty/libprocess/include/process/socket.hpp 
b8c2274de535ac473e49a09165b601c96d3ebe8b 
  3rdparty/libprocess/src/libevent.hpp f6cc72178613a30446629532a773afccfd404212 
  3rdparty/libprocess/src/libevent.cpp fb038597358135a06c1927d079cb7cb09fea7452 
  3rdparty/libprocess/src/libevent_ssl_socket.hpp PRE-CREATION 
  3rdparty/libprocess/src/libevent_ssl_socket.cpp PRE-CREATION 
  3rdparty/libprocess/src/openssl.hpp PRE-CREATION 
  3rdparty/libprocess/src/openssl.cpp PRE-CREATION 
  3rdparty/libprocess/src/process.cpp d1b4d469a11abc618c1406bce602300dd9793b58 
  3rdparty/libprocess/src/socket.cpp 0e1cebb19e21c706b152d35a0b8722924c971a35 

Diff: https://reviews.apache.org/r/29406/diff/


Testing
-------

make check (uses non-ssl socket)
benchmarks using ssl sockets
master, slave, framework, webui launch with ssl sockets


Thanks,

Joris Van Remoortere

Reply via email to