> On Dec. 3, 2019, 7:23 a.m., Greg Mann wrote:
> > 3rdparty/libprocess/src/ssl/socket_wrapper.cpp
> > Lines 506 (patched)
> > <https://reviews.apache.org/r/71665/diff/5/?file=2174446#file2174446line506>
> >
> > What is the "configure callback"? Could you be more explicit/verbose
> > here?
>
> Joseph Wu wrote:
> This terminology refers to this note in `libprocess/src/openssl.hpp`:
> ```
> // Callback for setting SSL options after the TCP connection was
> // established but before the TLS handshake has started.
> Try<Nothing> configure_socket(
>     SSL* ssl,
>     Mode mode,
>     const Address& peer,
>     const Option<std::string>& peer_hostname);
> ```
>
> This code was copied from the libevent SSL socket's accept logic too.

It's still not clear to me what the "configure callback" is. Could you be more explicit/verbose in the comment? Perhaps refer to `configure_socket()` directly rather than calling it the "configure callback", or simply say "Right now, this function call does not do anything..."?

- Greg

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/71665/#review218881
-----------------------------------------------------------

On Dec. 10, 2019, 11:53 p.m., Joseph Wu wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/71665/
> -----------------------------------------------------------
>
> (Updated Dec. 10, 2019, 11:53 p.m.)
>
>
> Review request for mesos, Benno Evers, Benjamin Mahler, Greg Mann, and Till
> Toenshoff.
>
>
> Bugs: MESOS-10010
>     https://issues.apache.org/jira/browse/MESOS-10010
>
>
> Repository: mesos
>
>
> Description
> -------
>
> This fills in some of the SSL socket implementation,
> in particular the constructor, destructor, connect(),
> and accept() methods.
>
> Much of the setup and verification is taken verbatim from the
> libevent socket implementation.
>
> A change to the poll socket was necessary to prevent the SSL
> socket from holding a self-reference indefinitely.
>
>
> Diffs
> -----
>
>   3rdparty/libprocess/include/process/socket.hpp 48860f8646d388685f0a60ad2a2f613b1f4be61a
>   3rdparty/libprocess/src/posix/poll_socket.cpp ecc2bd492c4edd2f6ab0aae52d50bb3954881893
>   3rdparty/libprocess/src/ssl/openssl_socket.hpp PRE-CREATION
>   3rdparty/libprocess/src/ssl/openssl_socket.cpp PRE-CREATION
>   3rdparty/libprocess/src/windows/poll_socket.cpp e2a84694ac554b4c23242fd93d93800c0334a943
>
>
> Diff: https://reviews.apache.org/r/71665/diff/6/
>
>
> Testing
> -------
>
> cmake --build . --target libprocess-tests
>
> Successfully connected to Google :D
> With something like this:
> ```
> set_environment_variables({
>     {"LIBPROCESS_SSL_ENABLED", "true"},
>     {"LIBPROCESS_SSL_KEY_FILE", key_path().string()},
>     {"LIBPROCESS_SSL_CERT_FILE", certificate_path().string()}
> });
>
> Try<Socket> client = Socket::create(SocketImpl::Kind::SSL);
> ASSERT_SOME(client);
>
> AWAIT_ASSERT_READY(client->connect(
>     network::inet::Address(net::IP::parse("216.58.194.206").get(), 443),
>     openssl::create_tls_client_config(None())));
> ```
>
>
> Thanks,
>
> Joseph Wu
>
>