----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/70748/#review215616 -----------------------------------------------------------
The code looks good to me. Thanks! As part of this change, either here or in separate reviews, let us: - call out the modification in the changelog; - mention taken approach in MESOS-9791 and explain why (based on the discussion we had with Jan-Philip Gehrcke); - update SSL flags description, in particular calling out that `REQUIRE_CERT` is applicable for client mode only; - update SSL documentation, in particular introduce suggested configuration and clarify the behaviour in client and server modes based on set arguments (based on the table you showed me offline); - send a message to the user list regarding the use of anonymous ciphers 3rdparty/libprocess/src/openssl.cpp Lines 742-743 (patched) <https://reviews.apache.org/r/70748/#comment302368> blank comment line please 3rdparty/libprocess/src/posix/libevent/libevent_ssl_socket.cpp Lines 74-75 (patched) <https://reviews.apache.org/r/70748/#comment302369> ouch? 3rdparty/libprocess/src/tests/ssl_tests.cpp Lines 287-290 (patched) <https://reviews.apache.org/r/70748/#comment302371> Can we also test that a client must *not* present a cert? I believe the answer is _no_, but a TODO or a NOTE could be helpful. 3rdparty/libprocess/src/tests/ssl_tests.cpp Lines 290 (patched) <https://reviews.apache.org/r/70748/#comment302372> s/VerifyAnonymousCipher/NoAnonymousCipherIfVerify/ 3rdparty/libprocess/src/tests/ssl_tests.cpp Lines 296 (patched) <https://reviews.apache.org/r/70748/#comment302373> Let's mention that `ADH-AES256-SHA` is an anonymous cipher and maybe even link https://www.openssl.org/docs/man1.0.2/man1/ciphers.html ? - Alexander Rukletsov On May 31, 2019, 2:34 p.m., Benno Evers wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/70748/ > ----------------------------------------------------------- > > (Updated May 31, 2019, 2:34 p.m.) > > > Review request for mesos, Alexander Rukletsov, Jan-Philip Gehrcke, and Till > Toenshoff. > > > Bugs: MESOS-9791 > https://issues.apache.org/jira/browse/MESOS-9791 > > > Repository: mesos > > > Description > ------- > > When in SSL client mode and `LIBPROCESS_SSL_VERIFY_CERT=true` has > been set, enforce that the server actually presents a certificate > that can be verified. > > Note that in most cases, the TLS stack would rejected the connection > before the code ever reaches `openssl::verify()`, since the TLS > specification says that a server MUST always send a certificate > unless an anonymous cipher is used. > > > Diffs > ----- > > 3rdparty/libprocess/src/openssl.hpp > 17bec246e516261f8d772f1647c17f092fae82d1 > 3rdparty/libprocess/src/openssl.cpp > e7dbd67913fa8e7fbbf60dee428e7e38895f86ce > 3rdparty/libprocess/src/posix/libevent/libevent_ssl_socket.cpp > 29a1bf71c1df9d80370455a6269ecea0ec4193b0 > 3rdparty/libprocess/src/tests/ssl_tests.cpp > 6b8496aeeed79ae1bd39d7013f4f403b248fdd4c > > > Diff: https://reviews.apache.org/r/70748/diff/1/ > > > Testing > ------- > > > Thanks, > > Benno Evers > >