Re: Review Request 29406: Introduce libevent ssl socket.

Fri, 12 Jun 2015 11:26:31 -0700 


> On June 12, 2015, 6:17 p.m., Ben Mahler wrote:
> > Are the changes to process.cpp, libevent.{hpp|cpp} independent? Hard to 
> > tell if these are related to SSL, can you pull them out into separate 
> > reviews?
> 
> Benjamin Hindman wrote:
>     Ben: I've been reviewing this closely with Joris and asked him to keep 
> these in the same review to make it easier for me to review!

I'm surprised that makes it easier, as a bystander I can't easily tell what 
motivates the libevent.{hpp|cpp} and process.cpp changes (e.g. are they good to 
have even without SSL?). If they are independent I'd imagine you'd want to 
reduce the cognitive overhead of having them within this large patch?


- Ben


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/29406/#review87735
-----------------------------------------------------------


On June 12, 2015, 6:06 p.m., Joris Van Remoortere wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/29406/
> -----------------------------------------------------------
> 
> (Updated June 12, 2015, 6:06 p.m.)
> 
> 
> Review request for mesos, Benjamin Hindman and Michael Park.
> 
> 
> Bugs: MESOS-1913
>     https://issues.apache.org/jira/browse/MESOS-1913
> 
> 
> Repository: mesos
> 
> 
> Description
> -------
> 
> Requires:
> configure --enable-libevent --enable-libevent-socket --enable-ssl
> New environment variables:
> ```
> SSL_ENABLED=(false|0,true|1)
> SSL_CERT_FILE=(path to certificate)
> SSL_KEY_FILE=(path to key)
> SSL_VERIFY_CERT=(false|0,true|1)
> SSL_REQUIRE_CERT=(false|0,true|1)
> SSL_VERIFY_DEPTH=(4)
> SSL_CA_DIR=(path to CA directory)
> SSL_CA_FILE=(path to CA file)
> SSL_CIPHERS=(accepted ciphers separated by ':')
> SSL_ENABLE_SSL_V2=(false|0,true|1)
> SSL_ENABLE_SSL_V3=(false|0,true|1)
> SSL_ENABLE_TLS_V1_0=(false|0,true|1)
> SSL_ENABLE_TLS_V1_1=(false|0,true|1)
> SSL_ENABLE_TLS_V1_2=(false|0,true|1)
> ```
> 
> Only TLSV1.2 is enabled by default.
> Use the `ENABLE_SSL_V*` and `ENABLE_TLS_V*` environment variables to open up 
> more protocols.
> Use the `SSL_CIPHERS` environment variable to restrict or open up the 
> supported ciphers.
> 
> 
> Diffs
> -----
> 
>   3rdparty/libprocess/Makefile.am 489ce359f383d819299335cbaa8c95724b0c6ac2 
>   3rdparty/libprocess/include/process/socket.hpp 
> b8c2274de535ac473e49a09165b601c96d3ebe8b 
>   3rdparty/libprocess/src/libevent.hpp 
> f6cc72178613a30446629532a773afccfd404212 
>   3rdparty/libprocess/src/libevent.cpp 
> fb038597358135a06c1927d079cb7cb09fea7452 
>   3rdparty/libprocess/src/libevent_ssl_socket.hpp PRE-CREATION 
>   3rdparty/libprocess/src/libevent_ssl_socket.cpp PRE-CREATION 
>   3rdparty/libprocess/src/openssl.hpp PRE-CREATION 
>   3rdparty/libprocess/src/openssl.cpp PRE-CREATION 
>   3rdparty/libprocess/src/process.cpp 
> aadd7bb0ae12b93336900c76d8d5aaa4421ea198 
>   3rdparty/libprocess/src/socket.cpp 0e1cebb19e21c706b152d35a0b8722924c971a35 
> 
> Diff: https://reviews.apache.org/r/29406/diff/
> 
> 
> Testing
> -------
> 
> make check (uses non-ssl socket)
> benchmarks using ssl sockets
> master, slave, framework, webui launch with ssl sockets
> 
> 
> Thanks,
> 
> Joris Van Remoortere
> 
>

Reply via email to