[MESOS-9790] Libprocess does not use standard tooling for hostname validation. - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Resolved
Priority: Major
Resolution: Won't Fix
Affects Version/s: None
Fix Version/s: None
Component/s: libprocess
Labels:
- foundations
- mesosphere
- security
- ssl
- tls

Epic Link:
ssl-cert-verification

Description

Libprocess currently uses custom code for hostname validation in its SSL certificate verification workflow. However openssl provides a function for this, X509_check_host() .

For safety and reliability, we should enable an option to use X509_check_host() for hostname validation instead of our custom code, but preserve the custom code for backward compatibility.

Attachments

Issue Links

is superceded by

MESOS-9809 Use OpenSSL built-in functions for hostname validation

Resolved

Activity

People

Assignee:: Unassigned

Reporter:: Alex R

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 21/May/19 10:05

Updated:: 03/Jun/19 22:45

Resolved:: 03/Jun/19 22:45