Folks,

We reviewed the TLS configuration options in libprocess and came up with the following proposal [1] to allow for certificate verification in client mode only.

In short, the proposal suggests adding two flags to libprocess so that it can be configured to:

* always require presence and verify server certificates,
* never request client certificates,
* validate hostname using OpenSSL calls.

Please review.

[1] https://docs.google.com/document/d/1O3q7UOXVGNw81xOkRNFPzrtbC__D-N_D_mwV6D--y0k/edit