> On June 30, 2016, 3:58 p.m., Joris Van Remoortere wrote: > > 3rdparty/libprocess/src/libevent_ssl_socket.cpp, line 527 > > <https://reviews.apache.org/r/49401/diff/2/?file=1434152#file1434152line527> > > > > "verify the SSL connection later" > > => > > "verify the certificate later" > > ?
That was a copy&paste from the old comment on the peer_hostname. Will adapt both accordingly. > On June 30, 2016, 3:58 p.m., Joris Van Remoortere wrote: > > 3rdparty/libprocess/src/openssl.cpp, lines 700-712 > > <https://reviews.apache.org/r/49401/diff/2/?file=1434154#file1434154line700> > > > > This is unfortunate. > > Can you sync with @mcypark to see if we can clean this up? Brainstormed a lil with MPark. Even if we had a `strings::join` for `Option` taking `isNone()` into account - which we currently don't - we'ld still not really reach the goal yet. We'ld further on have to have to something like this: ``` Option<string> hostname_ = hostname.isSome() ? "hostname " + hostname.get() : Option<string>::none; Option<string> ip_ = ip.isSome() ? "IP " + ip.get() : Option<string>::none; return Error("Could not verify presented certificate with " + strings::join(", ", hostname_, ip_)); ``` However, we might actually have a demand for such `strings::join` - seems worth checking our codebase at some point for patterns similar to mine - also getting other places more concise thereby. - Till ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/49401/#review140170 ----------------------------------------------------------- On June 30, 2016, 2 p.m., Till Toenshoff wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/49401/ > ----------------------------------------------------------- > > (Updated June 30, 2016, 2 p.m.) > > > Review request for mesos, Adam B, Albert Strasheim, Artem Harutyunyan, Joris > Van Remoortere, and Lukas Loesche. > > > Bugs: MESOS-5724 > https://issues.apache.org/jira/browse/MESOS-5724 > > > Repository: mesos > > > Description > ------- > > Allows the verification of X509 certificates based on an IP address > instead of a hostname. Introduces a new environment variable; > `SSL_VERIFY_IPADD` which, when set to `true` will enable the > peer certificate verification to additionally rely on the IP > address of a connection. > > > Diffs > ----- > > 3rdparty/libprocess/src/libevent_ssl_socket.hpp 1dbdaa8 > 3rdparty/libprocess/src/libevent_ssl_socket.cpp 19d9ae5 > 3rdparty/libprocess/src/openssl.hpp 7d55025 > 3rdparty/libprocess/src/openssl.cpp 0f62aa6 > > Diff: https://reviews.apache.org/r/49401/diff/ > > > Testing > ------- > > make check on OSX and various linux distros. > > > Thanks, > > Till Toenshoff > >
