> On June 21, 2019, 1:34 a.m., Till Toenshoff wrote: > > docs/ssl.md > > Lines 194 (patched) > > <https://reviews.apache.org/r/70795/diff/3/?file=2151430#file2151430line194> > > > > I wonder if we should already start a deprecation of the `libprocess` > > scheme - that would be: > > - announcing that `openssl` will be standard soon on compatible boxes > > - announcing it to be gone at some point > > > > Or am I too eager for unification here? > > Benno Evers wrote: > It's actually a pretty big change - the 'libprocess' behaviour was built, > I assume, to "magically" work with normal certificates w/o IP addresses > despite libprocess only knowing about IP addresses. In DC/OS we don't notice > most of it, since there all our certificates *do* contain the correct IP > address, but at least quite a few unit tests will break by switching the > default. > > So I actually agree we should do this deprecation, but I'm not sure about > the timeline.
Created https://issues.apache.org/jira/browse/MESOS-9857 to track the change. - Benno ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/70795/#review216020 ----------------------------------------------------------- On June 21, 2019, 3:05 p.m., Benno Evers wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/70795/ > ----------------------------------------------------------- > > (Updated June 21, 2019, 3:05 p.m.) > > > Review request for mesos, Alexander Rukletsov, Jan-Philip Gehrcke, Joseph Wu, > and Till Toenshoff. > > > Repository: mesos > > > Description > ------- > > Added a description of the new `--hostname_validation_scheme` flag > and corresponding `LIBPROCESS_SSL_HOSTNAME_VALIDATION_SCHEME` > environment variable. > > > Diffs > ----- > > docs/ssl.md ce5058896144aa7824986d40d996899d92cb7c1c > > > Diff: https://reviews.apache.org/r/70795/diff/4/ > > > Testing > ------- > > > Thanks, > > Benno Evers > >