-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/70748/
-----------------------------------------------------------
(Updated June 14, 2019, 11:40 a.m.)
Review request for mesos, Alexander Rukletsov, Jan-Philip Gehrcke, Joseph Wu,
and Till Toenshoff.
Changes
-------
Ignore invalid certificates in server mode.
Bugs: MESOS-9810
https://issues.apache.org/jira/browse/MESOS-9810
Repository: mesos
Description
-------
When in SSL client mode and `LIBPROCESS_SSL_VERIFY_CERT=true` has
been set, enforce that the server actually presents a certificate
that can be verified.
Note that in most cases, the TLS stack would rejected the connection
before the code ever reaches `openssl::verify()`, since the TLS
specification that a server MUST always send a certificate unless
an anonymous cipher is used.
Diffs (updated)
-----
3rdparty/libprocess/src/openssl.hpp 17bec246e516261f8d772f1647c17f092fae82d1
3rdparty/libprocess/src/openssl.cpp e7dbd67913fa8e7fbbf60dee428e7e38895f86ce
3rdparty/libprocess/src/posix/libevent/libevent_ssl_socket.cpp
29a1bf71c1df9d80370455a6269ecea0ec4193b0
3rdparty/libprocess/src/tests/ssl_tests.cpp
6b8496aeeed79ae1bd39d7013f4f403b248fdd4c
Diff: https://reviews.apache.org/r/70748/diff/3/
Changes: https://reviews.apache.org/r/70748/diff/2-3/
Testing
-------
Thanks,
Benno Evers
