You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@mesos.apache.org by "Alexander Rukletsov (JIRA)" <ji...@apache.org> on 2019/05/21 10:06:01 UTC
[jira] [Created] (MESOS-9790) Libprocess does not use standard
tooling for hostname validation.
Alexander Rukletsov created MESOS-9790:
------------------------------------------
Summary: Libprocess does not use standard tooling for hostname validation.
Key: MESOS-9790
URL: https://issues.apache.org/jira/browse/MESOS-9790
Project: Mesos
Issue Type: Improvement
Components: libprocess
Reporter: Alexander Rukletsov
Libprocess currently uses [custom code|https://github.com/apache/mesos/blob/eecb82c77117998af0c67a53c64e9b1e975acfa4/3rdparty/libprocess/src/openssl.cpp#L755-L863] for hostname validation in its SSL certificate verification workflow. However openssl provides a function for this, [{{X509_check_host()}} |https://www.openssl.org/docs/manmaster/man3/X509_check_host.html].
For safety and reliability, we should enable an option to use {{X509_check_host()}} for hostname validation instead of our custom code, but preserve the custom code for backward compatibility.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)