[
https://issues.apache.org/jira/browse/MESOS-7822?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Gavin updated MESOS-7822:
-------------------------
Comment: was deleted
(was: www.rtat.net)
> Adopt X509_check_host.
> ----------------------
>
> Key: MESOS-7822
> URL: https://issues.apache.org/jira/browse/MESOS-7822
> Project: Mesos
> Issue Type: Bug
> Components: libprocess, security
> Reporter: James Peach
> Priority: Major
>
> {{libprocess}} is carrying custom hostname verification code, which uses
> deprecated OpenSSL API:
> {noformat}
> ../../../3rdparty/libprocess/src/openssl.cpp: In function ‘Try<Nothing>
> process::network::openssl::verify(const SSL*, const
> Option<std::__cxx11::basic_string<char> >&, const Option<net::IP>&)’:
> ../../../3rdparty/libprocess/src/openssl.cpp:677:42: warning: ‘unsigned char*
> ASN1_STRING_data(ASN1_STRING*)’ is deprecated [-Wdeprecated-declarations]
> current_name->d.dNSName));
> ^
> In file included from /usr/include/openssl/opensslconf.h:42:0,
> from /usr/include/openssl/bn.h:31,
> from /usr/include/openssl/asn1.h:24,
> from /usr/include/openssl/objects.h:916,
> from /usr/include/openssl/evp.h:27,
> from /usr/include/openssl/x509.h:23,
> from /usr/include/openssl/ssl.h:50,
> from ../../../3rdparty/libprocess/src/openssl.hpp:16,
> from ../../../3rdparty/libprocess/src/openssl.cpp:13:
> /usr/include/openssl/asn1.h:553:1: note: declared here
> DEPRECATEDIN_1_1_0(unsigned char *ASN1_STRING_data(ASN1_STRING *x))
> ^
> {noformat}
> We should replace this (optionally with a OpenSSL version check) with a call
> to
> [X509_check_host|https://www.openssl.org/docs/man1.1.0/crypto/X509_check_host.html]
> which is available since OpenSSL 1.0.2.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
