You are viewing a plain text version of this content. The canonical link for it is here.
Posted to reviews@mesos.apache.org by Till Toenshoff via Review Board <no...@reviews.apache.org> on 2019/07/01 13:54:54 UTC
Re: Review Request 70795: Updated SSL docs to include new libprocess
flag.
> On June 21, 2019, 1:34 a.m., Till Toenshoff wrote:
> > docs/ssl.md
> > Lines 194 (patched)
> > <https://reviews.apache.org/r/70795/diff/3/?file=2151430#file2151430line194>
> >
> > I wonder if we should already start a deprecation of the `libprocess` scheme - that would be:
> > - announcing that `openssl` will be standard soon on compatible boxes
> > - announcing it to be gone at some point
> >
> > Or am I too eager for unification here?
>
> Benno Evers wrote:
> It's actually a pretty big change - the 'libprocess' behaviour was built, I assume, to "magically" work with normal certificates w/o IP addresses despite libprocess only knowing about IP addresses. In DC/OS we don't notice most of it, since there all our certificates *do* contain the correct IP address, but at least quite a few unit tests will break by switching the default.
>
> So I actually agree we should do this deprecation, but I'm not sure about the timeline.
>
> Benno Evers wrote:
> Created https://issues.apache.org/jira/browse/MESOS-9857 to track the change.
Great - next we would update all relevant documentation with a deprecation note and a reference of that ticket.
Right now I am contemplating doing this in a single run, right away, instead of multiple phases. Multiple phases would which would allow us to have that `libprocess` default without having to warn about it.
What do you think?
We would ...
- add a comment note here
- add an SSL flags description note
- possibly have the flags validation output a deprecation warning
- anything I forgot here?
- Till
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/70795/#review216020
-----------------------------------------------------------
On June 21, 2019, 3:05 p.m., Benno Evers wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/70795/
> -----------------------------------------------------------
>
> (Updated June 21, 2019, 3:05 p.m.)
>
>
> Review request for mesos, Alexander Rukletsov, Benjamin Mahler, Jan-Philip Gehrcke, Joseph Wu, and Till Toenshoff.
>
>
> Repository: mesos
>
>
> Description
> -------
>
> Added a description of the new `--hostname_validation_scheme` flag
> and corresponding `LIBPROCESS_SSL_HOSTNAME_VALIDATION_SCHEME`
> environment variable.
>
>
> Diffs
> -----
>
> docs/ssl.md ce5058896144aa7824986d40d996899d92cb7c1c
>
>
> Diff: https://reviews.apache.org/r/70795/diff/4/
>
>
> Testing
> -------
>
>
> Thanks,
>
> Benno Evers
>
>