  1. Mesos
  2. MESOS-9493

Libprocess can avoid hostname lookup in some cases when accepting TLS connections.

    Details

    • Type: Improvement
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 1.8.0
    • Fix Version/s: None
    • Component/s: libprocess
    • Labels:

      Description

      libprocess, when accepting incoming connections on SSL/libevent builds, attempts to retrieve the hostname for the peer address:
      https://github.com/apache/mesos/blob/8344f303ffd6429ffa781e7fd7de5d00d9946d78/3rdparty/libprocess/src/posix/libevent/libevent_ssl_socket.cpp#L1158-L1168

      The motivation for that step is the peer certificate verification, which possibly happens later in that process:
      https://github.com/apache/mesos/blob/8344f303ffd6429ffa781e7fd7de5d00d9946d78/3rdparty/libprocess/src/posix/libevent/libevent_ssl_socket.cpp#L441

      The peer certificate verification, however, is optional and switched off by default:
      https://github.com/apache/mesos/blob/8344f303ffd6429ffa781e7fd7de5d00d9946d78/3rdparty/libprocess/src/openssl.cpp#L88-L97

      As an optimisation, we could skip the retrieval of the hostname when certificate verification is disabled.
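
A sketch of the gating proposed above, added here as an illustration and not taken from libprocess: `TlsConfig`, `Hostname`, `Resolver` and `peer_hostname_on_accept` are hypothetical names, and the resolver is injectable so the skipped lookup can be observed without DNS.

```cpp
#include <arpa/inet.h>
#include <netdb.h>
#include <netinet/in.h>
#include <sys/socket.h>

#include <functional>
#include <string>

// Hypothetical stand-in for the TLS settings; only the peer certificate
// verification switch from the issue is modelled (off by default).
struct TlsConfig { bool verify_peer_cert = false; };

// Result of a reverse lookup; `known` is false when no name was obtained.
struct Hostname { bool known; std::string name; };

using Resolver = std::function<Hostname(const sockaddr_in&)>;

// Blocking reverse (PTR) lookup. NI_NAMEREQD makes getnameinfo() fail
// instead of returning the numeric address when no name exists.
Hostname reverse_lookup(const sockaddr_in& peer) {
  char host[1025];
  int rc = getnameinfo(reinterpret_cast<const sockaddr*>(&peer), sizeof(peer),
                       host, sizeof(host), nullptr, 0, NI_NAMEREQD);
  if (rc != 0) return Hostname{false, ""};
  return Hostname{true, host};
}

// Decide at accept time whether the peer hostname is needed at all.
// With verification off nothing consumes the name, so the resolver is
// never called and accepting the connection does not wait on DNS.
Hostname peer_hostname_on_accept(const TlsConfig& config,
                                 const sockaddr_in& peer,
                                 const Resolver& resolve = reverse_lookup) {
  if (!config.verify_peer_cert) return Hostname{false, ""};
  return resolve(peer);
}

// Constructed sample peer address (192.0.2.0/24 is reserved for examples).
sockaddr_in sample_peer() {
  sockaddr_in peer{};
  peer.sin_family = AF_INET;
  peer.sin_port = htons(5050);
  inet_pton(AF_INET, "192.0.2.10", &peer.sin_addr);
  return peer;
}
```
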

            People

            • Assignee:
              Unassigned
              Reporter:
              tillt Till Toenshoff