> On Sept. 17, 2019, 5:39 p.m., Vinod Kone wrote:
> > 3rdparty/libprocess/src/openssl.cpp
> > Lines 118 (patched)
> > <https://reviews.apache.org/r/71497/diff/2/?file=2165534#file2165534line118>
> >
> > can you use the `alias` argument in `add()` for these?

Actually, after having implemented the change I'm considering reverting back to the previous version. The `alias()` mechanism is strict about allowing users to specify only one version of the command name:

```
E0918 11:04:41.622146 62400 openssl.cpp:454] EXIT with status 1: Failed to load flags from environment variables prefixed by LIBPROCESS_SSL_ or SSL_ (deprecated): Flag 'verify_server_cert' is already loaded via name 'verify_cert'
```

This makes sense in general, but it can lead to problems when an operator manually wants to enable server certificate validation by setting `LIBPROCESS_SSL_VERIFY_CERT=true` and a newer agent leaks its own configuration `LIBPROCESS_SSL_VERIFY_SERVER_CERT=true` into the process environment, accidentally killing the task.

- Benno

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/71497/#review217792
-----------------------------------------------------------

On Sept. 18, 2019, 12:35 p.m., Benno Evers wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/71497/
> -----------------------------------------------------------
>
> (Updated Sept. 18, 2019, 12:35 p.m.)
>
> Review request for mesos, Greg Mann and Till Toenshoff.
>
> Bugs: MESOS-9972
>     https://issues.apache.org/jira/browse/MESOS-9972
>
> Repository: mesos
>
> Description
> -------
>
> The `LIBPROCESS_SSL_REQUIRE_CERT` flag was renamed to
> `LIBPROCESS_SSL_REQUIRE_CLIENT_CERT`.
>
> The `LIBPROCESS_SSL_VERIFY_CERT` flag was renamed to
> `LIBPROCESS_SSL_VERIFY_SERVER_CERT`.
>
> The new names better describe the actual effect of both flags, and
> make upgrades easier by allowing operators to only enable verification
> on agents that are new enough to contain the updated hostname
> validation code paths.
>
> Diffs
> -----
>
>   3rdparty/libprocess/include/process/ssl/flags.hpp 1a0e3820cc8cd1459625f46a54b194133500f11e
>   3rdparty/libprocess/src/openssl.hpp 271cc95238d287c06df36478554502e8b7205b09
>   3rdparty/libprocess/src/openssl.cpp 5854711971c9ebc4d676edc43af5ab5cfd5ea4c6
>   3rdparty/libprocess/src/tests/ssl_tests.cpp 9d5ab679165a709f7c3740020961ec89a7db4f54
>   docs/ssl.md 90a2eb9800b7d8d9aa9d7b1060a6e5eb9e124b02
>   docs/upgrades.md e630731c332fdd7df788f96644a8084f30b5c621
>
> Diff: https://reviews.apache.org/r/71497/diff/3/
>
> Testing
> -------
>
> Thanks,
>
> Benno Evers
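
The alias conflict described in the reply above, modelled as an added example; it is not libprocess or stout code and not part of the review. `resolveFlag`, `Policy` and the tolerant policy are hypothetical: the strict policy reproduces the exit shown in the log, while the tolerant one accepts both spellings only when their values agree and still fails closed when they disagree.

```cpp
#include <iostream>
#include <map>
#include <string>
#include <vector>

// Added model (assumption, not the project's loader): resolves one flag that
// may appear in the environment under a current name or a deprecated alias.
enum class Policy { Strict, TolerateEqual };

struct Resolved {
  bool ok;            // false: refuse to start (fail closed)
  bool set;           // true if any spelling was present
  std::string value;  // value taken from the environment when set
  std::string error;  // reason when !ok
};

typedef std::map<std::string, std::string> Env;

Resolved resolveFlag(const Env& env, const std::string& prefix,
                     const std::vector<std::string>& names, Policy policy) {
  Resolved r = {true, false, "", ""};
  std::string loadedVia;
  for (const std::string& name : names) {
    Env::const_iterator it = env.find(prefix + name);
    if (it == env.end()) continue;
    if (!r.set) {
      r.set = true; r.value = it->second; loadedVia = name;
      continue;
    }
    // A second spelling is present. Strict always rejects; TolerateEqual
    // rejects only when the two spellings disagree (exact string compare).
    if (policy == Policy::Strict || it->second != r.value) {
      r.ok = false;
      r.error = "Flag '" + name + "' is already loaded via name '" + loadedVia + "'";
      return r;
    }
  }
  return r;
}

int main() {
  // Constructed environment: operator sets the old name, agent leaks the new.
  Env env = {{"LIBPROCESS_SSL_VERIFY_CERT", "true"},
             {"LIBPROCESS_SSL_VERIFY_SERVER_CERT", "true"}};
  std::vector<std::string> names = {"VERIFY_CERT", "VERIFY_SERVER_CERT"};
  for (Policy p : {Policy::Strict, Policy::TolerateEqual}) {
    Resolved r = resolveFlag(env, "LIBPROCESS_SSL_", names, p);
    std::cout << (r.ok ? "ok value=" + r.value : "exit: " + r.error) << "\n";
  }
}
```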
