[ https://issues.apache.org/jira/browse/MESOS-7822?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Gavin updated MESOS-7822: ------------------------- Comment: was deleted (was: www.rtat.net) > Adopt X509_check_host. > ---------------------- > > Key: MESOS-7822 > URL: https://issues.apache.org/jira/browse/MESOS-7822 > Project: Mesos > Issue Type: Bug > Components: libprocess, security > Reporter: James Peach > Priority: Major > > {{libprocess}} is carrying custom hostname verification code, which uses > deprecated OpenSSL API: > {noformat} > ../../../3rdparty/libprocess/src/openssl.cpp: In function ‘Try<Nothing> > process::network::openssl::verify(const SSL*, const > Option<std::__cxx11::basic_string<char> >&, const Option<net::IP>&)’: > ../../../3rdparty/libprocess/src/openssl.cpp:677:42: warning: ‘unsigned char* > ASN1_STRING_data(ASN1_STRING*)’ is deprecated [-Wdeprecated-declarations] > current_name->d.dNSName)); > ^ > In file included from /usr/include/openssl/opensslconf.h:42:0, > from /usr/include/openssl/bn.h:31, > from /usr/include/openssl/asn1.h:24, > from /usr/include/openssl/objects.h:916, > from /usr/include/openssl/evp.h:27, > from /usr/include/openssl/x509.h:23, > from /usr/include/openssl/ssl.h:50, > from ../../../3rdparty/libprocess/src/openssl.hpp:16, > from ../../../3rdparty/libprocess/src/openssl.cpp:13: > /usr/include/openssl/asn1.h:553:1: note: declared here > DEPRECATEDIN_1_1_0(unsigned char *ASN1_STRING_data(ASN1_STRING *x)) > ^ > {noformat} > We should replace this (optionally with a OpenSSL version check) with a call > to > [X509_check_host|https://www.openssl.org/docs/man1.1.0/crypto/X509_check_host.html] > which is available since OpenSSL 1.0.2. -- This message was sent by Atlassian JIRA (v7.6.3#76005)