[MESOS-9791] Libprocess does not support server only SSL certificate verification. - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 1.9.0
Component/s: libprocess
Labels:
- foundations
- mesosphere
- security
- ssl
- tls

Epic Link:
ssl-cert-verification

Description

Currently SSL certificate verification in Libprocess can be configured in the following ways:
(1) send certificate if in server mode, verify peer certificates if present;
(2) require valid peer certificates in both client and server modes.

It is currently impossible to configure a Libprocess instance to simultaneously:
(3) require valid peer certificate in client mode and send certificate in server mode.

Because Libprocess is often used by programs that act both as servers and clients, implementing (3) is necessary to enable the so-called webserver-browser model.

Attachments

Issue Links

is related to

MESOS-9810 Reject certificate-less ciphers when certificate verification is enabled

Resolved

Activity

People

Assignee:: Unassigned

Reporter:: Alex R

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 21/May/19 10:17

Updated:: 05/Jul/19 13:40

Resolved:: 05/Jul/19 13:40