Alexander Rukletsov created MESOS-9791: ------------------------------------------
Summary: Libprocess does not support server only SSL certificate verification. Key: MESOS-9791 URL: https://issues.apache.org/jira/browse/MESOS-9791 Project: Mesos Issue Type: Improvement Components: libprocess Reporter: Alexander Rukletsov Currently SSL certificate verification in Libprocess can be configured in the [following ways|https://github.com/apache/mesos/blob/eecb82c77117998af0c67a53c64e9b1e975acfa4/3rdparty/libprocess/src/openssl.cpp#L88-L97]: (1) send certificate if in server mode, verify peer certificates *if present*; (2) require valid peer certificates in *both* client and server modes. It is currently impossible to configure a Libprocess instance to simultaneously: (3) require valid peer certificate in client mode and send certificate in server mode. Because Libprocess is often used by programs that act both as servers and clients, implementing (3) is necessary to enable the so-called webserver-browser model. -- This message was sent by Atlassian JIRA (v7.6.3#76005)