mesos-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Till Toenshoff (JIRA)" <>
Subject [jira] [Created] (MESOS-5724) SSL certificate validation should allow IP only verification.
Date Mon, 27 Jun 2016 19:34:52 GMT
Till Toenshoff created MESOS-5724:

             Summary: SSL certificate validation should allow IP only verification.
                 Key: MESOS-5724
             Project: Mesos
          Issue Type: Bug
          Components: libprocess
    Affects Versions: 1.0.0
            Reporter: Till Toenshoff
            Priority: Blocker

Our SSL certificate validation currently assumes that the host (on connect and on accept)
does have a valid hostname. This however is not true for all valid environments.

{{process::network::openssl::verify}} currently only allows the validation of a certificate
against a hostname. 

RFC2818 however says that it should be perfectly valid to validate a certificate  based on
the IP address.
In some cases, the URI is specified as an IP address rather than a
hostname. In this case, the iPAddress subjectAltName must be present
in the certificate and must exactly match the IP in the URI.

This message was sent by Atlassian JIRA

View raw message