> On June 21, 2019, 1:34 a.m., Till Toenshoff wrote: > > docs/ssl.md > > Lines 194 (patched) > > <https://reviews.apache.org/r/70795/diff/3/?file=2151430#file2151430line194> > > > > I wonder if we should already start a deprecation of the `libprocess` > > scheme - that would be: > > - announcing that `openssl` will be standard soon on compatible boxes > > - announcing it to be gone at some point > > > > Or am I too eager for unification here?
It's actually a pretty big change - the 'libprocess' behaviour was built, I assume, to "magically" work with normal certificates w/o IP addresses despite libprocess only knowing about IP addresses. In DC/OS we don't notice most of it, since there all our certificates *do* contain the correct IP address, but at least quite a few unit tests will break by switching the default. So I actually agree we should do this deprecation, but I'm not sure about the timeline. - Benno ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/70795/#review216020 ----------------------------------------------------------- On June 20, 2019, 5:27 p.m., Benno Evers wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/70795/ > ----------------------------------------------------------- > > (Updated June 20, 2019, 5:27 p.m.) > > > Review request for mesos, Alexander Rukletsov, Jan-Philip Gehrcke, Joseph Wu, > and Till Toenshoff. > > > Repository: mesos > > > Description > ------- > > Added a description of the new `--hostname_validation_algorithm` flag > and corresponding `LIBPROCESS_SSL_HOSTNAME_VALIDATION_ALGORITHM` > environment variable. > > > Diffs > ----- > > docs/ssl.md ce5058896144aa7824986d40d996899d92cb7c1c > > > Diff: https://reviews.apache.org/r/70795/diff/3/ > > > Testing > ------- > > > Thanks, > > Benno Evers > >