[ https://issues.apache.org/jira/browse/MESOS-9791?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16858670#comment-16858670 ]

Benno Evers commented on MESOS-9791:
------------------------------------

After some discussion, we noticed that existing libprocess configuration is 
almost sufficient to achieve the configuration (3).

In particular, we created this table of the current libprocess behaviour as of 
1.8.0: 
https://docs.google.com/document/d/1sSzjyJ5odsNgv1BgsDQOopwNbj-ufzAA5rA4ColWXPU/edit

Setting `LIBPROCESS_SSL_VERIFY_CERT=true` and 
`LIBPROCESS_SSL_REQUIRE_CERT=false` will result in the following behaviour:
 - Require valid peer certificate in client mode unless an anonymous cipher is 
used
 - Send certificate in server mode
 - Send certificate in client mode if present
 - Verify client certificate in server mode if present.

After MESOS-9810 is landed, this will *always* require a valid peer certificate 
in client mode, fulfilling the requirements.


Note: With this setting, libprocess will always send a Client Certificate 
Request during the TLS handshake, but that is not as bad as it sounds since the 
TLS protocol specifies that a client MUST respond with an empty certificate 
response if it has no valid certificate to present. The server will then accept 
an empty certificate because `require_cert` was not set.

> Libprocess does not support server only SSL certificate verification.
> ---------------------------------------------------------------------
>
>                 Key: MESOS-9791
>                 URL: https://issues.apache.org/jira/browse/MESOS-9791
>             Project: Mesos
>          Issue Type: Improvement
>          Components: libprocess
>            Reporter: Alexander Rukletsov
>            Priority: Major
>              Labels: foundations, mesosphere, security, ssl, tls
>
> Currently SSL certificate verification in Libprocess can be configured in the 
> [following 
> ways|https://github.com/apache/mesos/blob/eecb82c77117998af0c67a53c64e9b1e975acfa4/3rdparty/libprocess/src/openssl.cpp#L88-L97]:
> (1) send certificate if in server mode, verify peer certificates *if present*;
> (2) require valid peer certificates in *both* client and server modes.
> It is currently impossible to configure a Libprocess instance to 
> simultaneously:
> (3) require valid peer certificate in client mode and send certificate in 
> server mode.
> Because Libprocess is often used by programs that act both as servers and 
> clients, implementing (3) is necessary to enable the so-called 
> webserver-browser model.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
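
The behaviour described in the comment above, written out as a small model that checks each combination of the two settings against requirement (3). This is an added example, not libprocess code and not part of the original message. The function names are hypothetical, the outcome with both settings off is an assumption, and "webserver-browser model" is read here as: in client mode only a valid peer certificate is accepted, and in server mode a client without a certificate is still accepted.

```python
from enum import Enum


class Peer(Enum):
    NO_CERT = "none"      # empty certificate response, or anonymous cipher
    VALID = "valid"
    INVALID = "invalid"


def accepts(role, verify_cert, require_cert, peer, after_9810=False):
    """Model of whether a connection is accepted, per the comment above.

    role is "client" or "server" (the role of the local libprocess instance).
    after_9810 models the change the comment attributes to MESOS-9810.
    """
    if require_cert:
        # (2): a valid peer certificate is required in both modes.
        return peer is Peer.VALID
    if not verify_cert:
        # Assumption: with both settings off nothing is verified.
        return True
    if peer is Peer.NO_CERT:
        # Server mode accepts the empty certificate response; client mode
        # tolerates a missing certificate only before MESOS-9810.
        return not (role == "client" and after_9810)
    # A certificate that is presented is always verified.
    return peer is Peer.VALID


def supports_webserver_browser(verify_cert, require_cert, after_9810):
    """True if the settings give requirement (3) from the issue."""
    client_strict = all(
        accepts("client", verify_cert, require_cert, p, after_9810)
        == (p is Peer.VALID)
        for p in Peer
    )
    server_open = accepts("server", verify_cert, require_cert,
                          Peer.NO_CERT, after_9810)
    return client_strict and server_open


if __name__ == "__main__":
    for verify, require in [(False, False), (True, False), (True, True)]:
        for landed in (False, True):
            ok = supports_webserver_browser(verify, require, landed)
            print(f"VERIFY_CERT={verify!s:5} REQUIRE_CERT={require!s:5} "
                  f"after MESOS-9810={landed!s:5} -> (3) satisfied: {ok}")
```

In this model only `LIBPROCESS_SSL_VERIFY_CERT=true` with `LIBPROCESS_SSL_REQUIRE_CERT=false` after MESOS-9810 satisfies (3); before that change the anonymous-cipher case leaves client mode open.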
