You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@mesos.apache.org by "Benno Evers (JIRA)" <ji...@apache.org> on 2019/07/05 13:53:00 UTC

[jira] [Assigned] (MESOS-9878) Enable libprocess users to pass a custom SSL context when using Socket

     [ https://issues.apache.org/jira/browse/MESOS-9878?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Benno Evers reassigned MESOS-9878:
----------------------------------

       Resolution: Fixed
         Assignee: Benno Evers
    Fix Version/s: 1.9.0

{noformat}
commit ec129665a346f86c738522536f89de7c519f3e0d
Author: Benno Evers <be...@mesosphere.com>
Date:   Fri Jun 28 20:12:44 2019 +0200

    Added ability to pass custom SSL context to `Socket::connect()`.
    
    Users of libprocess can now pass a custom SSL context when
    connecting a generic socket via the `Socket::connect()`
    function.
    
    Additionally the API of `Socket::connect()` was also reworked
    according to the following boundary conditions requested by
    libprocess maintainers:
    
     * When libprocess is compiled without SSL support, neither the
       declaration of the TLS configuration object nor the `connnect()`
       overload that accepts the TLS configuration should be available.
     * Passing just the servername is not an acceptable short-hand for
       using the default TLS configuration together with that servername.
     * When the incorrect overload is selected (i.e. passing TLS config
       to a poll socket or omitting TLS configuration for a TLS socket),
       the program should abort.
    
    This following changes are introduced according to the requirements
    above:
    
     * A new class `openssl::TLSClientConfig` is introduced when libprocess
       is compiled with ssl support.
     * A new overload
       `Socket::connect(const Address&, const TLSClientConfig&)` is
       introduced when libprocess is compiled with ssl support.
     * All call sites are adjusted to check the socket kind before calling
       `connect()`.
    
    Review: https://reviews.apache.org/r/70991
{noformat}

> Enable libprocess users to pass a custom SSL context when using Socket
> ----------------------------------------------------------------------
>
>                 Key: MESOS-9878
>                 URL: https://issues.apache.org/jira/browse/MESOS-9878
>             Project: Mesos
>          Issue Type: Improvement
>            Reporter: Benno Evers
>            Assignee: Benno Evers
>            Priority: Minor
>              Labels: libprocess
>             Fix For: 1.9.0
>
>
> Connections made through the `Socket::connect()` API will always use the libprocess-global SSL configuration made through the `LIBPROCESS_SSL_*` environment variables.
> Libprocess users might want to override these options while still using the generic socket class.
> Therefore we should provide a way to pass custom configuration to the `Socket::connect()` function.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)