[jira] [Commented] (MESOS-9972) Update Names for TLS-related environment variables in libprocess.

Benno Evers (Jira) Fri, 20 Sep 2019 11:31:17 -0700


    [ 
https://issues.apache.org/jira/browse/MESOS-9972?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16934655#comment-16934655
 ]


Benno Evers commented on MESOS-9972:
------------------------------------

https://reviews.apache.org/r/71497/

[master]
{noformat}
commit 9f1d38f491e8d9c02bebb094da87467bb70a8d27
Author: Benno Evers <bev...@mesosphere.com>
Date:   Tue Sep 17 14:04:35 2019 +0200

    Introduced new names for SSL-related libprocess flags.
    
    The `LIBPROCESS_SSL_REQUIRE_CERT` flag was renamed to
    `LIBPROCESS_SSL_REQUIRE_CLIENT_CERT`.
    
    The `LIBPROCESS_SSL_VERIFY_CERT` flag was renamed to
    `LIBPROCESS_SSL_VERIFY_SERVER_CERT`.
    
    The new names better describe the actual effect of both flags, and
    make upgrades easier by allowing operators to only enable verification
    on agents that are new enough to contain the updated hostname
    validation code paths.
    
    Review: https://reviews.apache.org/r/71497
{noformat}

[1.9]
{noformat}
commit a8325853a01c2dd597fabe84c437ecfd46fb9c0c
Author: Benno Evers <bev...@mesosphere.com>
Date:   Tue Sep 17 14:04:35 2019 +0200

    Introduced new names for SSL-related libprocess flags.
    
    The `LIBPROCESS_SSL_REQUIRE_CERT` flag was renamed to
    `LIBPROCESS_SSL_REQUIRE_CLIENT_CERT`.
    
    The `LIBPROCESS_SSL_VERIFY_CERT` flag was renamed to
    `LIBPROCESS_SSL_VERIFY_SERVER_CERT`.
    
    The new names better describe the actual effect of both flags, and
    make upgrades easier by allowing operators to only enable verification
    on agents that are new enough to contain the updated hostname
    validation code paths.
    
    Review: https://reviews.apache.org/r/71497
{noformat}

> Update Names for TLS-related environment variables in libprocess.
> -----------------------------------------------------------------
>
>                 Key: MESOS-9972
>                 URL: https://issues.apache.org/jira/browse/MESOS-9972
>             Project: Mesos
>          Issue Type: Improvement
>            Reporter: Benno Evers
>            Assignee: Benno Evers
>            Priority: Major
>              Labels: libprocess, ssl, tls
>             Fix For: 1.10, 1.9.1
>
>
> The environment variables `LIBPROCESS_SSL_VERIFY_CERT` and 
> `LIBPROCESS_SSL_REQUIRE_CERT` regularly cause confusion because they do not 
> precisely describe their function.
> In particular, one might mistakenly assume that certificates are not required 
> when setting `LIBPROCESS_SSL_REQUIRE_CERT=false`, or that all certificates 
> are verified when `LIBPROCESS_SSL_VERIFY_CERT=true`.
> We should rename the options to `LIBPROCESS_SSL_VERIFY_SERVER_CERT` and 
> `LIBPROCESS_SSL_REQUIRE_CLIENT_CERT` to make the semantics more clear.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Commented] (MESOS-9972) Update Names for TLS-related environment variables in libprocess.

Reply via email to