You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@mesos.apache.org by "Alexander Rukletsov (JIRA)" <ji...@apache.org> on 2019/05/21 10:06:01 UTC

[jira] [Created] (MESOS-9790) Libprocess does not use standard tooling for hostname validation.

Alexander Rukletsov created MESOS-9790:
------------------------------------------

             Summary: Libprocess does not use standard tooling for hostname validation. 
                 Key: MESOS-9790
                 URL: https://issues.apache.org/jira/browse/MESOS-9790
             Project: Mesos
          Issue Type: Improvement
          Components: libprocess
            Reporter: Alexander Rukletsov


Libprocess currently uses [custom code|https://github.com/apache/mesos/blob/eecb82c77117998af0c67a53c64e9b1e975acfa4/3rdparty/libprocess/src/openssl.cpp#L755-L863] for hostname validation in its SSL certificate verification workflow. However openssl provides a function for this, [{{X509_check_host()}} |https://www.openssl.org/docs/manmaster/man3/X509_check_host.html].

For safety and reliability, we should enable an option to use {{X509_check_host()}} for hostname validation instead of our custom code, but preserve the custom code for backward compatibility.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)