----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/70749/#review215673 -----------------------------------------------------------
3rdparty/libprocess/src/openssl.cpp Lines 142 (patched) <https://reviews.apache.org/r/70749/#comment302457> Looks incomplete 3rdparty/libprocess/src/openssl.cpp Lines 553-557 (patched) <https://reviews.apache.org/r/70749/#comment302458> Please explain in the comment and also in the flag description why this choice. If you keep auto option, please log the changes to the flag value. Also it might make sense to keep a separate variable for the actual value and keep user input unchanged (which is not quite what we have done here). 3rdparty/libprocess/src/openssl.cpp Lines 565-567 (patched) <https://reviews.apache.org/r/70749/#comment302460> Hm, this is unfortunate. I wonder if we can use https://www.openssl.org/docs/manmaster/man3/SSL_get_verify_result.html in combination with `SSL_VERIFY_NONE` to mimic the OR behaviour we currently have? Another question is whether we need to support OR at all. 3rdparty/libprocess/src/posix/libevent/libevent_ssl_socket.cpp Lines 530-533 (patched) <https://reviews.apache.org/r/70749/#comment302461> Does it mean that hostname validation with the help of openssl is not supported for clients? - Alexander Rukletsov On May 31, 2019, 3:47 p.m., Benno Evers wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/70749/ > ----------------------------------------------------------- > > (Updated May 31, 2019, 3:47 p.m.) > > > Review request for mesos, Alexander Rukletsov and Joseph Wu. > > > Bugs: MESOS-9809 > https://issues.apache.org/jira/browse/MESOS-9809 > > > Repository: mesos > > > Description > ------- > > WIP: Use openssl hostname validation. > > > Diffs > ----- > > 3rdparty/libprocess/include/process/ssl/flags.hpp > f3483f97f93bb29117b2c78f0f2ed9735d9c4b3a > 3rdparty/libprocess/src/openssl.hpp > 17bec246e516261f8d772f1647c17f092fae82d1 > 3rdparty/libprocess/src/openssl.cpp > e7dbd67913fa8e7fbbf60dee428e7e38895f86ce > 3rdparty/libprocess/src/posix/libevent/libevent_ssl_socket.cpp > 29a1bf71c1df9d80370455a6269ecea0ec4193b0 > > > Diff: https://reviews.apache.org/r/70749/diff/1/ > > > Testing > ------- > > > Thanks, > > Benno Evers > >