You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@mesos.apache.org by "Benno Evers (JIRA)" <ji...@apache.org> on 2019/07/05 13:53:00 UTC
[jira] [Assigned] (MESOS-9878) Enable libprocess users to pass a
custom SSL context when using Socket
[ https://issues.apache.org/jira/browse/MESOS-9878?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Benno Evers reassigned MESOS-9878:
----------------------------------
Resolution: Fixed
Assignee: Benno Evers
Fix Version/s: 1.9.0
{noformat}
commit ec129665a346f86c738522536f89de7c519f3e0d
Author: Benno Evers <be...@mesosphere.com>
Date: Fri Jun 28 20:12:44 2019 +0200
Added ability to pass custom SSL context to `Socket::connect()`.
Users of libprocess can now pass a custom SSL context when
connecting a generic socket via the `Socket::connect()`
function.
Additionally the API of `Socket::connect()` was also reworked
according to the following boundary conditions requested by
libprocess maintainers:
* When libprocess is compiled without SSL support, neither the
declaration of the TLS configuration object nor the `connnect()`
overload that accepts the TLS configuration should be available.
* Passing just the servername is not an acceptable short-hand for
using the default TLS configuration together with that servername.
* When the incorrect overload is selected (i.e. passing TLS config
to a poll socket or omitting TLS configuration for a TLS socket),
the program should abort.
This following changes are introduced according to the requirements
above:
* A new class `openssl::TLSClientConfig` is introduced when libprocess
is compiled with ssl support.
* A new overload
`Socket::connect(const Address&, const TLSClientConfig&)` is
introduced when libprocess is compiled with ssl support.
* All call sites are adjusted to check the socket kind before calling
`connect()`.
Review: https://reviews.apache.org/r/70991
{noformat}
> Enable libprocess users to pass a custom SSL context when using Socket
> ----------------------------------------------------------------------
>
> Key: MESOS-9878
> URL: https://issues.apache.org/jira/browse/MESOS-9878
> Project: Mesos
> Issue Type: Improvement
> Reporter: Benno Evers
> Assignee: Benno Evers
> Priority: Minor
> Labels: libprocess
> Fix For: 1.9.0
>
>
> Connections made through the `Socket::connect()` API will always use the libprocess-global SSL configuration made through the `LIBPROCESS_SSL_*` environment variables.
> Libprocess users might want to override these options while still using the generic socket class.
> Therefore we should provide a way to pass custom configuration to the `Socket::connect()` function.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)