[ https://issues.apache.org/jira/browse/MESOS-9791?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16858670#comment-16858670 ]
Benno Evers commented on MESOS-9791:
------------------------------------

After some discussion, we noticed that existing libprocess configuration is almost sufficient to achieve the configuration (3). In particular, we created this table of the current libprocess behaviour as of 1.8.0: https://docs.google.com/document/d/1sSzjyJ5odsNgv1BgsDQOopwNbj-ufzAA5rA4ColWXPU/edit

Setting `LIBPROCESS_SSL_VERIFY_CERT=true` and `LIBPROCESS_SSL_REQUIRE_CERT=false` will result in the following behaviour:

- Require valid peer certificate in client mode unless an anonymous cipher is used
- Send certificate in server mode
- Send certificate in client mode if present
- Verify client certificate in server mode if present.

After MESOS-9810 is landed, this will *always* require a valid peer certificate in client mode, fulfilling the requirements.

Note: With this setting, libprocess will always send a Client Certificate Request during the TLS handshake, but that is not as bad as it sounds since the TLS protocol specifies that a client MUST respond with an empty certificate response if it has no valid certificate to present. The server will then accept an empty certificate because `require_cert` was not set.

> Libprocess does not support server only SSL certificate verification.
> ---------------------------------------------------------------------
>
>                 Key: MESOS-9791
>                 URL: https://issues.apache.org/jira/browse/MESOS-9791
>             Project: Mesos
>          Issue Type: Improvement
>          Components: libprocess
>            Reporter: Alexander Rukletsov
>            Priority: Major
>              Labels: foundations, mesosphere, security, ssl, tls
>
> Currently SSL certificate verification in Libprocess can be configured in the
> [following ways|https://github.com/apache/mesos/blob/eecb82c77117998af0c67a53c64e9b1e975acfa4/3rdparty/libprocess/src/openssl.cpp#L88-L97]:
> (1) send certificate if in server mode, verify peer certificates *if present*;
> (2) require valid peer certificates in *both* client and server modes.
> It is currently impossible to configure a Libprocess instance to simultaneously:
> (3) require valid peer certificate in client mode and send certificate in server mode.
> Because Libprocess is often used by programs that act both as servers and clients, implementing (3) is necessary to enable the so-called webserver-browser model.

--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
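As an added illustration of the handshake behaviour described in the comment above (example code written for this page, not code from Mesos or libprocess): Go's crypto/tls stands in for libprocess's OpenSSL setup, with `VerifyClientCertIfGiven` taken to correspond to `verify_cert=true, require_cert=false` and `RequireAndVerifyClientCert` to `require_cert=true`; the peer names "server" and "client" and their self-signed certificates are constructed for the demo. It shows that the server always sends a Certificate Request, that an empty client reply is accepted unless a certificate is required, and that a presented client certificate is verified.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"net"
	"time"
)

// selfSigned makes a throwaway self-signed certificate for one test peer (constructed here, not a real credential) and a pool trusting only it.
func selfSigned(name string) (tls.Certificate, *x509.CertPool) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: name}, DNSNames: []string{name},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour),
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth},
	}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	leaf, _ := x509.ParseCertificate(der)
	pool := x509.NewCertPool()
	pool.AddCert(leaf)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}, pool
}

// Handshake runs one handshake with verify_cert=true on both sides (Go crypto/tls as a stand-in for libprocess).
// requireCert is the require_cert knob; sendClientCert decides whether the client answers the Certificate Request with a certificate or an empty one.
func Handshake(requireCert, sendClientCert bool) (ok bool, verifiedChains int) {
	srvCert, srvPool := selfSigned("server")
	cliCert, cliPool := selfSigned("client")
	clientAuth := map[bool]tls.ClientAuthType{ // both values make the server send a Certificate Request
		false: tls.VerifyClientCertIfGiven, true: tls.RequireAndVerifyClientCert}[requireCert]
	srvCfg := &tls.Config{Certificates: []tls.Certificate{srvCert}, // server mode always sends its certificate
		ClientCAs: cliPool, ClientAuth: clientAuth, SessionTicketsDisabled: true} // no writes after the handshake
	cliCfg := &tls.Config{RootCAs: srvPool, ServerName: "server"} // client mode always verifies the server
	if sendClientCert {
		cliCfg.Certificates = []tls.Certificate{cliCert} // presented only because the server asked for it
	}
	s, c := net.Pipe() // synchronous in-memory pipe; deadlines keep a rejected handshake from hanging it
	s.SetDeadline(time.Now().Add(2 * time.Second))
	c.SetDeadline(time.Now().Add(2 * time.Second))
	srv, errc := tls.Server(s, srvCfg), make(chan error, 1)
	go func() { errc <- srv.Handshake() }()
	cerr := tls.Client(c, cliCfg).Handshake()
	return cerr == nil && <-errc == nil, len(srv.ConnectionState().VerifiedChains)
}
```

`Handshake(false, false)` succeeds with no verified client chain (the empty reply is accepted), `Handshake(false, true)` succeeds with one, and `Handshake(true, false)` fails, which is the require_cert=true behaviour the comment contrasts with.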