You are viewing a plain text version of this content. The canonical link for it is here.
Posted to reviews@mesos.apache.org by Benno Evers <be...@mesosphere.com> on 2019/07/02 17:29:38 UTC
Re: Review Request 70883: Added optional 'peer_hostname' argument to
Socket::connect().
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/70883/
-----------------------------------------------------------
(Updated July 2, 2019, 5:29 p.m.)
Review request for mesos, Benjamin Mahler, Joseph Wu, and Till Toenshoff.
Changes
-------
Passed missing hostname in `send()`.
Repository: mesos
Description
-------
The Socket::connect() function now takes an optional string
as an additional argument. This is to prepare support for proper
TLS hostname validation.
With TCP, a connection is always made to a specific IP address,
with the hostname just serving as an artifact to help humans
remember that address.
With TLS, the roles are switched: A connection is made to a
specific hostname (which is recorded in a TLS certificate),
with the IP address just being a network-layer artifact to
help packets route to that hostname.
Therefore, a connecting TLS socket must be aware of the
hostname it is supposed to connect to.
Diffs (updated)
-----
3rdparty/libprocess/include/process/http.hpp 029605eaff72e80206cb7dfd64c2f898084155e0
3rdparty/libprocess/include/process/socket.hpp 4f0f6e9aa6e95e826e3de96e518a7200ad7a8f83
3rdparty/libprocess/src/http.cpp 3e73ee936f5c6329f41704a179f3d88ab65dfb6d
3rdparty/libprocess/src/poll_socket.hpp 15b7902ba2b10fad63e2ba7b8d5081d4b9e2d1c7
3rdparty/libprocess/src/posix/libevent/libevent_ssl_socket.hpp 6ef5a86566af3439cfe0b06ab3576076623f7be0
3rdparty/libprocess/src/posix/libevent/libevent_ssl_socket.cpp 7e2229a9ed815727500bd457356e5531607fa6cf
3rdparty/libprocess/src/posix/poll_socket.cpp 74acb6942682a9d9626df81b303eba0a1c24ecf7
3rdparty/libprocess/src/process.cpp 799666f03d6a78708aa9336c2dd04bc9b5023aa0
3rdparty/libprocess/src/windows/poll_socket.cpp 565b0088dc2b270193e615655f57f48419eb2c12
Diff: https://reviews.apache.org/r/70883/diff/2/
Changes: https://reviews.apache.org/r/70883/diff/1-2/
Testing
-------
Thanks,
Benno Evers
Re: Review Request 70883: Added optional 'peer_hostname' argument to
Socket::connect().
Posted by Benno Evers <be...@mesosphere.com>.
> On July 3, 2019, 3:38 p.m., Benjamin Mahler wrote:
> > Can you discard this patch in favor of the agreed upon interface?
> >
> > This patch looks pretty small outside of the interface changes, so it should be easy to re-work into the new approach? We don't want to commit a confusing interface only to immediately rework it, so let's just go with the better interface.
Left it as is for now, as discussed over Slack.
- Benno
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/70883/#review216341
-----------------------------------------------------------
On July 2, 2019, 5:29 p.m., Benno Evers wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/70883/
> -----------------------------------------------------------
>
> (Updated July 2, 2019, 5:29 p.m.)
>
>
> Review request for mesos, Benjamin Mahler, Joseph Wu, and Till Toenshoff.
>
>
> Repository: mesos
>
>
> Description
> -------
>
> The Socket::connect() function now takes an optional string
> as an additional argument. This is to prepare support for proper
> TLS hostname validation.
>
> With TCP, a connection is always made to a specific IP address,
> with the hostname just serving as an artifact to help humans
> remember that address.
>
> With TLS, the roles are switched: A connection is made to a
> specific hostname (which is recorded in a TLS certificate),
> with the IP address just being a network-layer artifact to
> help packets route to that hostname.
>
> Therefore, a connecting TLS socket must be aware of the
> hostname it is supposed to connect to.
>
>
> Diffs
> -----
>
> 3rdparty/libprocess/include/process/http.hpp 029605eaff72e80206cb7dfd64c2f898084155e0
> 3rdparty/libprocess/include/process/socket.hpp 4f0f6e9aa6e95e826e3de96e518a7200ad7a8f83
> 3rdparty/libprocess/src/http.cpp 3e73ee936f5c6329f41704a179f3d88ab65dfb6d
> 3rdparty/libprocess/src/poll_socket.hpp 15b7902ba2b10fad63e2ba7b8d5081d4b9e2d1c7
> 3rdparty/libprocess/src/posix/libevent/libevent_ssl_socket.hpp 6ef5a86566af3439cfe0b06ab3576076623f7be0
> 3rdparty/libprocess/src/posix/libevent/libevent_ssl_socket.cpp 7e2229a9ed815727500bd457356e5531607fa6cf
> 3rdparty/libprocess/src/posix/poll_socket.cpp 74acb6942682a9d9626df81b303eba0a1c24ecf7
> 3rdparty/libprocess/src/process.cpp 799666f03d6a78708aa9336c2dd04bc9b5023aa0
> 3rdparty/libprocess/src/windows/poll_socket.cpp 565b0088dc2b270193e615655f57f48419eb2c12
>
>
> Diff: https://reviews.apache.org/r/70883/diff/3/
>
>
> Testing
> -------
>
>
> Thanks,
>
> Benno Evers
>
>
Re: Review Request 70883: Added optional 'peer_hostname' argument to
Socket::connect().
Posted by Benjamin Mahler <bm...@apache.org>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/70883/#review216341
-----------------------------------------------------------
Can you discard this patch in favor of the agreed upon interface?
This patch looks pretty small outside of the interface changes, so it should be easy to re-work into the new approach? We don't want to commit a confusing interface only to immediately rework it, so let's just go with the better interface.
- Benjamin Mahler
On July 2, 2019, 5:29 p.m., Benno Evers wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/70883/
> -----------------------------------------------------------
>
> (Updated July 2, 2019, 5:29 p.m.)
>
>
> Review request for mesos, Benjamin Mahler, Joseph Wu, and Till Toenshoff.
>
>
> Repository: mesos
>
>
> Description
> -------
>
> The Socket::connect() function now takes an optional string
> as an additional argument. This is to prepare support for proper
> TLS hostname validation.
>
> With TCP, a connection is always made to a specific IP address,
> with the hostname just serving as an artifact to help humans
> remember that address.
>
> With TLS, the roles are switched: A connection is made to a
> specific hostname (which is recorded in a TLS certificate),
> with the IP address just being a network-layer artifact to
> help packets route to that hostname.
>
> Therefore, a connecting TLS socket must be aware of the
> hostname it is supposed to connect to.
>
>
> Diffs
> -----
>
> 3rdparty/libprocess/include/process/http.hpp 029605eaff72e80206cb7dfd64c2f898084155e0
> 3rdparty/libprocess/include/process/socket.hpp 4f0f6e9aa6e95e826e3de96e518a7200ad7a8f83
> 3rdparty/libprocess/src/http.cpp 3e73ee936f5c6329f41704a179f3d88ab65dfb6d
> 3rdparty/libprocess/src/poll_socket.hpp 15b7902ba2b10fad63e2ba7b8d5081d4b9e2d1c7
> 3rdparty/libprocess/src/posix/libevent/libevent_ssl_socket.hpp 6ef5a86566af3439cfe0b06ab3576076623f7be0
> 3rdparty/libprocess/src/posix/libevent/libevent_ssl_socket.cpp 7e2229a9ed815727500bd457356e5531607fa6cf
> 3rdparty/libprocess/src/posix/poll_socket.cpp 74acb6942682a9d9626df81b303eba0a1c24ecf7
> 3rdparty/libprocess/src/process.cpp 799666f03d6a78708aa9336c2dd04bc9b5023aa0
> 3rdparty/libprocess/src/windows/poll_socket.cpp 565b0088dc2b270193e615655f57f48419eb2c12
>
>
> Diff: https://reviews.apache.org/r/70883/diff/3/
>
>
> Testing
> -------
>
>
> Thanks,
>
> Benno Evers
>
>