---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/49401/#review140120
---
3rdparty/libprocess/src/libevent_ssl_socket.cpp (line 515)
<https://reviews.apache.org/r/49401/#comment205424>
Why does turning on support for IP Address verification turn off support
for Hostname verification? Shouldn't it be an added functionality not a
replacement? Or am I reading the code wrong?
- Lukas Loesche
On June 30, 2016, 12:19 a.m., Till Toenshoff wrote:
>
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/49401/
> ---
>
> (Updated June 30, 2016, 12:19 a.m.)
>
>
> Review request for mesos, Adam B, Albert Strasheim, Artem Harutyunyan, Joris
> Van Remoortere, and Lukas Loesche.
>
>
> Bugs: MESOS-5724
> https://issues.apache.org/jira/browse/MESOS-5724
>
>
> Repository: mesos
>
>
> Description
> ---
>
> Allows the verification of X509 certificates based on an IP address
> instead of a hostname. Introduces a new environment variable;
> `SSL_VERIFY_IPADD` which, when set to `true` will disable any
> attempts to reverse-/lookup the hostname for certificate validation.
> Instead the peer certificate verification then relies on the IP
> address of a connection.
>
>
> Diffs
> -
>
> 3rdparty/libprocess/src/libevent_ssl_socket.hpp 1dbdaa8
> 3rdparty/libprocess/src/libevent_ssl_socket.cpp 19d9ae5
> 3rdparty/libprocess/src/openssl.hpp 7d55025
> 3rdparty/libprocess/src/openssl.cpp 0f62aa6
>
> Diff: https://reviews.apache.org/r/49401/diff/
>
>
> Testing
> ---
>
> make check on OSX and various linux distros.
>
>
> Thanks,
>
> Till Toenshoff
>
>
