Benno Evers created MESOS-9811:
----------------------------------

             Summary: Don't use reverse DNS for hostname validation
                 Key: MESOS-9811
                 URL: https://issues.apache.org/jira/browse/MESOS-9811
             Project: Mesos
          Issue Type: Bug
            Reporter: Benno Evers


Upon connection we first resolve the hostname and forget about it

https://github.com/apache/mesos/blob/master/3rdparty/libprocess/src/http.cpp#L1462-L1504

then later use reverse DNS on the remote address to get back a hostname

https://github.com/apache/mesos/blob/4708c2a368e12a89669135f47777d0dd05d9b0b2/3rdparty/libprocess/src/posix/libevent/libevent_ssl_socket.cpp#L548-L556

and verify the server certificate against *that*.

Instead, we should verify the server certificate against the hostname that was 
used by the client to initiate the connection.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
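
The difference between the two checks described in the issue, as an added C++ model that is not taken from libprocess: DNS is replaced by two in-memory maps, and the names, address and certificates (`master.example.org`, `192.0.2.10`, `host-10.dc1.example.net`) are constructed sample data. Only matching of certificate DNS names is modelled, not chain validation.

```cpp
// Added model of the two strategies; not Mesos code. All data is constructed.
#include <iostream>
#include <map>
#include <string>
#include <vector>

struct Cert { std::vector<std::string> dnsNames; };  // subjectAltName DNS entries
struct Resolver { std::map<std::string, std::string> a, ptr; };  // forward, reverse

// Exact match, or a wildcard covering one left-most label (lower-case names).
bool matches(const std::string& pattern, const std::string& host) {
  if (pattern.rfind("*.", 0) != 0) return pattern == host;
  const auto dot = host.find('.');
  return dot != std::string::npos && dot > 0 && host.substr(dot) == pattern.substr(1);
}

bool certValidFor(const Cert& cert, const std::string& host) {
  for (const auto& name : cert.dnsNames) if (matches(name, host)) return true;
  return false;
}

// Flow in the issue: requested name is dropped, the name to verify comes from PTR.
bool verifyViaReverseDns(const Resolver& r, const std::string& requested,
                         const Cert& peer) {
  const auto fwd = r.a.find(requested);
  if (fwd == r.a.end()) return false;
  const auto rev = r.ptr.find(fwd->second);
  return rev != r.ptr.end() && certValidFor(peer, rev->second);
}

// Proposed flow: verify against the name the client asked for.
bool verifyViaRequestedName(const std::string& requested, const Cert& peer) {
  return certValidFor(peer, requested);
}

// Constructed zone: the PTR record names the machine, not the service.
Resolver sampleResolver() {
  Resolver r;
  r.a["master.example.org"] = "192.0.2.10";
  r.ptr["192.0.2.10"] = "host-10.dc1.example.net";
  return r;
}

int main() {
  const Cert service{{"master.example.org"}};
  std::cout << verifyViaReverseDns(sampleResolver(), "master.example.org", service)
            << verifyViaRequestedName("master.example.org", service) << "\n";
}
```

In the sample zone the reverse-DNS flow rejects the certificate issued for the requested name and accepts one issued for whatever name the PTR record returns; the requested-name flow does the opposite.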
