Uploaded image for project: 'Mesos'
  1. Mesos
  2. MESOS-9809

Use OpenSSL built-in functions for hostname validation

Attach filesAttach ScreenshotVotersWatch issueWatchersLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

Details

    • Task
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • None
    • 1.9.0
    • None
    • Mesos Foundations: RI15 Sp 48, Mesos Foundations: RI 15 Sp 49, Mesos Foundations: RI-16 Sp 50
    • 5

    Description

      We traditionally use a hand-written hostname validation algorithm in libprocess that is based on the example code in https://wiki.openssl.org/index.php/Hostname_validation

      However, since OpenSSL 1.1.0, there is a new built-in function API `SSL_set1_host()` that can be used to let OpenSSL handle hostname validation during the TLS handshake in a standardized manner.

      We should take advantage of this when possible.

      Attachments

        Issue Links

        supercedes

        Improvement - An improvement or enhancement to an existing feature or task. MESOS-9790 Libprocess does not use standard tooling for hostname validation.

        • Major - Major loss of function.
        • Resolved

        Activity
          This comment will be Viewable by All Users Viewable by All Users
          Cancel

          People

            Unassigned Unassigned
            bennoe Benno Evers
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Agile

                Completed Sprints:
                Mesos Foundations: RI15 Sp 48 ended 19/Jun/19
                Mesos Foundations: RI 15 Sp 49 ended 03/Jul/19
                Mesos Foundations: RI-16 Sp 50 ended 17/Jul/19
                View on Board

                Slack

                  Issue deployment