Alexander Rukletsov created MESOS-9791:
------------------------------------------
Summary: Libprocess does not support server only SSL certificate verification.
Key: MESOS-9791
URL: https://issues.apache.org/jira/browse/MESOS-9791
Project: Mesos
Issue Type: Improvement
Components: libprocess
Reporter: Alexander Rukletsov
Currently SSL certificate verification in Libprocess can be configured in the
[following ways|https://github.com/apache/mesos/blob/eecb82c77117998af0c67a53c64e9b1e975acfa4/3rdparty/libprocess/src/openssl.cpp#L88-L97]:
(1) send certificate if in server mode, verify peer certificates *if present*;
(2) require valid peer certificates in *both* client and server modes.
It is currently impossible to configure a Libprocess instance to simultaneously:
(3) require valid peer certificate in client mode and send certificate in
server mode.
Because Libprocess is often used by programs that act both as servers and
clients, implementing (3) is necessary to enable the so-called
webserver-browser model.