> On June 30, 2016, 2:51 p.m., Joris Van Remoortere wrote: > > 3rdparty/libprocess/src/ssl/utilities.cpp, lines 240-243 > > <https://reviews.apache.org/r/49400/diff/1/?file=1433533#file1433533line240> > > > > I'm not sure I understand why this works. > > `in_addr.get().s_addr` is a uint. Aren't we supposed to be copying a > > string in this case? > > > > If it *is* supposed to be a binary IP this definitely deserves a > > comment. The documentation doesn't make it clear to me that this can be > > binary instead of a string. > > Till Toenshoff wrote: > It is indeed a binary.
See the OpenSSL sources: https://github.com/openssl/openssl/blob/master/crypto/x509v3/v3_alt.c#L101 See e.g. this implementation: http://bxr.su/OpenBSD/regress/lib/libtls/verify/verifytest.c#136 - Till ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/49400/#review140164 ----------------------------------------------------------- On June 30, 2016, 12:19 a.m., Till Toenshoff wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/49400/ > ----------------------------------------------------------- > > (Updated June 30, 2016, 12:19 a.m.) > > > Review request for mesos, Adam B, Albert Strasheim, Artem Harutyunyan, Joris > Van Remoortere, and Lukas Loesche. > > > Bugs: MESOS-5724 > https://issues.apache.org/jira/browse/MESOS-5724 > > > Repository: mesos > > > Description > ------- > > Adds the ability to render a subject alternative name based on a given > IP address within a X509 certificate extension. Additionally the > libprocess test suite makes use of this feature. > > > Diffs > ----- > > 3rdparty/libprocess/include/process/ssl/gtest.hpp 5435ddd > 3rdparty/libprocess/include/process/ssl/utilities.hpp ad9ec5d > 3rdparty/libprocess/src/ssl/utilities.cpp d23f462 > > Diff: https://reviews.apache.org/r/49400/diff/ > > > Testing > ------- > > make check on OSX and various linux distros. > > Functional testing by validating a rendered certificate; > > ``` > openssl x509 -text -noout -in "temp_cert_file_name" > ``` > > > Thanks, > > Till Toenshoff > >
