Posted to issues@mesos.apache.org by "Alexander Rukletsov (JIRA)" <ji...@apache.org> on 2019/05/21 10:18:00 UTC

[jira] [Created] (MESOS-9791) Libprocess does not support server only SSL certificate verification.

Alexander Rukletsov created MESOS-9791:
------------------------------------------

             Summary: Libprocess does not support server only SSL certificate verification.
                 Key: MESOS-9791
                 URL: https://issues.apache.org/jira/browse/MESOS-9791
             Project: Mesos
          Issue Type: Improvement
          Components: libprocess
            Reporter: Alexander Rukletsov


Currently SSL certificate verification in Libprocess can be configured in the [following ways|https://github.com/apache/mesos/blob/eecb82c77117998af0c67a53c64e9b1e975acfa4/3rdparty/libprocess/src/openssl.cpp#L88-L97]:
(1) send certificate if in server mode, verify peer certificates *if present*;
(2) require valid peer certificates in *both* client and server modes.

It is currently impossible to configure a Libprocess instance to simultaneously:
(3) require valid peer certificate in client mode and send certificate in server mode.

Because Libprocess is often used by programs that act both as servers and clients, implementing (3) is necessary to enable the so-called webserver-browser model.


