----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/49401/#review140120 -----------------------------------------------------------
3rdparty/libprocess/src/libevent_ssl_socket.cpp (line 515) <https://reviews.apache.org/r/49401/#comment205424> Why does turning on support for IP Address verification turn off support for Hostname verification? Shouldn't it be an added functionality not a replacement? Or am I reading the code wrong? - Lukas Loesche On June 30, 2016, 12:19 a.m., Till Toenshoff wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/49401/ > ----------------------------------------------------------- > > (Updated June 30, 2016, 12:19 a.m.) > > > Review request for mesos, Adam B, Albert Strasheim, Artem Harutyunyan, Joris > Van Remoortere, and Lukas Loesche. > > > Bugs: MESOS-5724 > https://issues.apache.org/jira/browse/MESOS-5724 > > > Repository: mesos > > > Description > ------- > > Allows the verification of X509 certificates based on an IP address > instead of a hostname. Introduces a new environment variable; > `SSL_VERIFY_IPADD` which, when set to `true` will disable any > attempts to reverse-/lookup the hostname for certificate validation. > Instead the peer certificate verification then relies on the IP > address of a connection. > > > Diffs > ----- > > 3rdparty/libprocess/src/libevent_ssl_socket.hpp 1dbdaa8 > 3rdparty/libprocess/src/libevent_ssl_socket.cpp 19d9ae5 > 3rdparty/libprocess/src/openssl.hpp 7d55025 > 3rdparty/libprocess/src/openssl.cpp 0f62aa6 > > Diff: https://reviews.apache.org/r/49401/diff/ > > > Testing > ------- > > make check on OSX and various linux distros. > > > Thanks, > > Till Toenshoff > >
