----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/70748/ -----------------------------------------------------------
(Updated May 31, 2019, 2:06 p.m.) Review request for mesos, Alexander Rukletsov, Jan-Philip Gehrcke, and Till Toenshoff. Repository: mesos Description (updated) ------- When in SSL client mode and `LIBPROCESS_SSL_VERIFY_CERT=true` has been set, enforce that the server actually presents a certificate that can be verified. Note that in most cases, the TLS stack would rejected the connection before the code ever reaches `openssl::verify()`, since the TLS specification says that a server MUST always send a certificate unless an anonymous cipher is used. Diffs ----- 3rdparty/libprocess/src/openssl.hpp 17bec246e516261f8d772f1647c17f092fae82d1 3rdparty/libprocess/src/openssl.cpp e7dbd67913fa8e7fbbf60dee428e7e38895f86ce 3rdparty/libprocess/src/posix/libevent/libevent_ssl_socket.cpp 29a1bf71c1df9d80370455a6269ecea0ec4193b0 3rdparty/libprocess/src/tests/ssl_tests.cpp 6b8496aeeed79ae1bd39d7013f4f403b248fdd4c Diff: https://reviews.apache.org/r/70748/diff/1/ Testing ------- Thanks, Benno Evers