You are viewing a plain text version of this content. The canonical link for it is here.

Posted to reviews@mesos.apache.org by Benno Evers <be...@mesosphere.com> on 2019/07/02 17:29:38 UTC

Re: Review Request 70883: Added optional 'peer_hostname' argument to Socket::connect().

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/70883/
-----------------------------------------------------------

(Updated July 2, 2019, 5:29 p.m.)


Review request for mesos, Benjamin Mahler, Joseph Wu, and Till Toenshoff.


Changes
-------

Passed missing hostname in `send()`.


Repository: mesos


Description
-------

The Socket::connect() function now takes an optional string
as an additional argument. This is to prepare support for proper
TLS hostname validation.

With TCP, a connection is always made to a specific IP address,
with the hostname just serving as an artifact to help humans
remember that address.

With TLS, the roles are switched: A connection is made to a
specific hostname (which is recorded in a TLS certificate),
with the IP address just being a network-layer artifact to
help packets route to that hostname.

Therefore, a connecting TLS socket must be aware of the
hostname it is supposed to connect to.


Diffs (updated)
-----

  3rdparty/libprocess/include/process/http.hpp 029605eaff72e80206cb7dfd64c2f898084155e0 
  3rdparty/libprocess/include/process/socket.hpp 4f0f6e9aa6e95e826e3de96e518a7200ad7a8f83 
  3rdparty/libprocess/src/http.cpp 3e73ee936f5c6329f41704a179f3d88ab65dfb6d 
  3rdparty/libprocess/src/poll_socket.hpp 15b7902ba2b10fad63e2ba7b8d5081d4b9e2d1c7 
  3rdparty/libprocess/src/posix/libevent/libevent_ssl_socket.hpp 6ef5a86566af3439cfe0b06ab3576076623f7be0 
  3rdparty/libprocess/src/posix/libevent/libevent_ssl_socket.cpp 7e2229a9ed815727500bd457356e5531607fa6cf 
  3rdparty/libprocess/src/posix/poll_socket.cpp 74acb6942682a9d9626df81b303eba0a1c24ecf7 
  3rdparty/libprocess/src/process.cpp 799666f03d6a78708aa9336c2dd04bc9b5023aa0 
  3rdparty/libprocess/src/windows/poll_socket.cpp 565b0088dc2b270193e615655f57f48419eb2c12 


Diff: https://reviews.apache.org/r/70883/diff/2/

Changes: https://reviews.apache.org/r/70883/diff/1-2/


Testing
-------


Thanks,

Benno Evers

Re: Review Request 70883: Added optional 'peer_hostname' argument to Socket::connect().

Posted by Benno Evers <be...@mesosphere.com>.


> On July 3, 2019, 3:38 p.m., Benjamin Mahler wrote:
> > Can you discard this patch in favor of the agreed upon interface?
> > 
> > This patch looks pretty small outside of the interface changes, so it should be easy to re-work into the new approach? We don't want to commit a confusing interface only to immediately rework it, so let's just go with the better interface.

Left it as is for now, as discussed over Slack.


- Benno


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/70883/#review216341
-----------------------------------------------------------


On July 2, 2019, 5:29 p.m., Benno Evers wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/70883/
> -----------------------------------------------------------
> 
> (Updated July 2, 2019, 5:29 p.m.)
> 
> 
> Review request for mesos, Benjamin Mahler, Joseph Wu, and Till Toenshoff.
> 
> 
> Repository: mesos
> 
> 
> Description
> -------
> 
> The Socket::connect() function now takes an optional string
> as an additional argument. This is to prepare support for proper
> TLS hostname validation.
> 
> With TCP, a connection is always made to a specific IP address,
> with the hostname just serving as an artifact to help humans
> remember that address.
> 
> With TLS, the roles are switched: A connection is made to a
> specific hostname (which is recorded in a TLS certificate),
> with the IP address just being a network-layer artifact to
> help packets route to that hostname.
> 
> Therefore, a connecting TLS socket must be aware of the
> hostname it is supposed to connect to.
> 
> 
> Diffs
> -----
> 
>   3rdparty/libprocess/include/process/http.hpp 029605eaff72e80206cb7dfd64c2f898084155e0 
>   3rdparty/libprocess/include/process/socket.hpp 4f0f6e9aa6e95e826e3de96e518a7200ad7a8f83 
>   3rdparty/libprocess/src/http.cpp 3e73ee936f5c6329f41704a179f3d88ab65dfb6d 
>   3rdparty/libprocess/src/poll_socket.hpp 15b7902ba2b10fad63e2ba7b8d5081d4b9e2d1c7 
>   3rdparty/libprocess/src/posix/libevent/libevent_ssl_socket.hpp 6ef5a86566af3439cfe0b06ab3576076623f7be0 
>   3rdparty/libprocess/src/posix/libevent/libevent_ssl_socket.cpp 7e2229a9ed815727500bd457356e5531607fa6cf 
>   3rdparty/libprocess/src/posix/poll_socket.cpp 74acb6942682a9d9626df81b303eba0a1c24ecf7 
>   3rdparty/libprocess/src/process.cpp 799666f03d6a78708aa9336c2dd04bc9b5023aa0 
>   3rdparty/libprocess/src/windows/poll_socket.cpp 565b0088dc2b270193e615655f57f48419eb2c12 
> 
> 
> Diff: https://reviews.apache.org/r/70883/diff/3/
> 
> 
> Testing
> -------
> 
> 
> Thanks,
> 
> Benno Evers
> 
>

Re: Review Request 70883: Added optional 'peer_hostname' argument to Socket::connect().

Posted by Benjamin Mahler <bm...@apache.org>.

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/70883/#review216341
-----------------------------------------------------------



Can you discard this patch in favor of the agreed upon interface?

This patch looks pretty small outside of the interface changes, so it should be easy to re-work into the new approach? We don't want to commit a confusing interface only to immediately rework it, so let's just go with the better interface.

- Benjamin Mahler


On July 2, 2019, 5:29 p.m., Benno Evers wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/70883/
> -----------------------------------------------------------
> 
> (Updated July 2, 2019, 5:29 p.m.)
> 
> 
> Review request for mesos, Benjamin Mahler, Joseph Wu, and Till Toenshoff.
> 
> 
> Repository: mesos
> 
> 
> Description
> -------
> 
> The Socket::connect() function now takes an optional string
> as an additional argument. This is to prepare support for proper
> TLS hostname validation.
> 
> With TCP, a connection is always made to a specific IP address,
> with the hostname just serving as an artifact to help humans
> remember that address.
> 
> With TLS, the roles are switched: A connection is made to a
> specific hostname (which is recorded in a TLS certificate),
> with the IP address just being a network-layer artifact to
> help packets route to that hostname.
> 
> Therefore, a connecting TLS socket must be aware of the
> hostname it is supposed to connect to.
> 
> 
> Diffs
> -----
> 
>   3rdparty/libprocess/include/process/http.hpp 029605eaff72e80206cb7dfd64c2f898084155e0 
>   3rdparty/libprocess/include/process/socket.hpp 4f0f6e9aa6e95e826e3de96e518a7200ad7a8f83 
>   3rdparty/libprocess/src/http.cpp 3e73ee936f5c6329f41704a179f3d88ab65dfb6d 
>   3rdparty/libprocess/src/poll_socket.hpp 15b7902ba2b10fad63e2ba7b8d5081d4b9e2d1c7 
>   3rdparty/libprocess/src/posix/libevent/libevent_ssl_socket.hpp 6ef5a86566af3439cfe0b06ab3576076623f7be0 
>   3rdparty/libprocess/src/posix/libevent/libevent_ssl_socket.cpp 7e2229a9ed815727500bd457356e5531607fa6cf 
>   3rdparty/libprocess/src/posix/poll_socket.cpp 74acb6942682a9d9626df81b303eba0a1c24ecf7 
>   3rdparty/libprocess/src/process.cpp 799666f03d6a78708aa9336c2dd04bc9b5023aa0 
>   3rdparty/libprocess/src/windows/poll_socket.cpp 565b0088dc2b270193e615655f57f48419eb2c12 
> 
> 
> Diff: https://reviews.apache.org/r/70883/diff/3/
> 
> 
> Testing
> -------
> 
> 
> Thanks,
> 
> Benno Evers
> 
>