> On June 21, 2019, 1:34 a.m., Till Toenshoff wrote: > > docs/ssl.md > > Lines 194 (patched) > > <https://reviews.apache.org/r/70795/diff/3/?file=2151430#file2151430line194> > > > > I wonder if we should already start a deprecation of the `libprocess` > > scheme - that would be: > > - announcing that `openssl` will be standard soon on compatible boxes > > - announcing it to be gone at some point > > > > Or am I too eager for unification here? > > Benno Evers wrote: > It's actually a pretty big change - the 'libprocess' behaviour was built, > I assume, to "magically" work with normal certificates w/o IP addresses > despite libprocess only knowing about IP addresses. In DC/OS we don't notice > most of it, since there all our certificates *do* contain the correct IP > address, but at least quite a few unit tests will break by switching the > default. > > So I actually agree we should do this deprecation, but I'm not sure about > the timeline. > > Benno Evers wrote: > Created https://issues.apache.org/jira/browse/MESOS-9857 to track the > change.
Great - next we would update all relevant documentation with a deprecation note and a reference of that ticket. Right now I am contemplating doing this in a single run, right away, instead of multiple phases. Multiple phases would which would allow us to have that `libprocess` default without having to warn about it. What do you think? We would ... - add a comment note here - add an SSL flags description note - possibly have the flags validation output a deprecation warning - anything I forgot here? - Till ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/70795/#review216020 ----------------------------------------------------------- On June 21, 2019, 3:05 p.m., Benno Evers wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/70795/ > ----------------------------------------------------------- > > (Updated June 21, 2019, 3:05 p.m.) > > > Review request for mesos, Alexander Rukletsov, Benjamin Mahler, Jan-Philip > Gehrcke, Joseph Wu, and Till Toenshoff. > > > Repository: mesos > > > Description > ------- > > Added a description of the new `--hostname_validation_scheme` flag > and corresponding `LIBPROCESS_SSL_HOSTNAME_VALIDATION_SCHEME` > environment variable. > > > Diffs > ----- > > docs/ssl.md ce5058896144aa7824986d40d996899d92cb7c1c > > > Diff: https://reviews.apache.org/r/70795/diff/4/ > > > Testing > ------- > > > Thanks, > > Benno Evers > >
