Re: Review Request 70749: WIP: Use openssl hostname validation.

Tue, 04 Jun 2019 04:40:11 -0700 

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/70749/#review215673
-----------------------------------------------------------




3rdparty/libprocess/src/openssl.cpp
Lines 142 (patched)
<https://reviews.apache.org/r/70749/#comment302457>

    Looks incomplete



3rdparty/libprocess/src/openssl.cpp
Lines 553-557 (patched)
<https://reviews.apache.org/r/70749/#comment302458>

    Please explain in the comment and also in the flag description why this 
choice.
    
    If you keep auto option, please log the changes to the flag value. Also it 
might make sense to keep a separate variable for the actual value and keep user 
input unchanged (which is not quite what we have done here).



3rdparty/libprocess/src/openssl.cpp
Lines 565-567 (patched)
<https://reviews.apache.org/r/70749/#comment302460>

    Hm, this is unfortunate. I wonder if we can use 
https://www.openssl.org/docs/manmaster/man3/SSL_get_verify_result.html in 
combination with `SSL_VERIFY_NONE` to mimic the OR behaviour we currently have? 
Another question is whether we need to support OR at all.



3rdparty/libprocess/src/posix/libevent/libevent_ssl_socket.cpp
Lines 530-533 (patched)
<https://reviews.apache.org/r/70749/#comment302461>

    Does it mean that hostname validation with the help of openssl is not 
supported for clients?


- Alexander Rukletsov


On May 31, 2019, 3:47 p.m., Benno Evers wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/70749/
> -----------------------------------------------------------
> 
> (Updated May 31, 2019, 3:47 p.m.)
> 
> 
> Review request for mesos, Alexander Rukletsov and Joseph Wu.
> 
> 
> Bugs: MESOS-9809
>     https://issues.apache.org/jira/browse/MESOS-9809
> 
> 
> Repository: mesos
> 
> 
> Description
> -------
> 
> WIP: Use openssl hostname validation.
> 
> 
> Diffs
> -----
> 
>   3rdparty/libprocess/include/process/ssl/flags.hpp 
> f3483f97f93bb29117b2c78f0f2ed9735d9c4b3a 
>   3rdparty/libprocess/src/openssl.hpp 
> 17bec246e516261f8d772f1647c17f092fae82d1 
>   3rdparty/libprocess/src/openssl.cpp 
> e7dbd67913fa8e7fbbf60dee428e7e38895f86ce 
>   3rdparty/libprocess/src/posix/libevent/libevent_ssl_socket.cpp 
> 29a1bf71c1df9d80370455a6269ecea0ec4193b0 
> 
> 
> Diff: https://reviews.apache.org/r/70749/diff/1/
> 
> 
> Testing
> -------
> 
> 
> Thanks,
> 
> Benno Evers
> 
>

Reply via email to