mesos-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "James Peach (JIRA)" <j...@apache.org>
Subject [jira] [Created] (MESOS-7822) Adopt X509_check_host.
Date Fri, 21 Jul 2017 22:44:00 GMT
James Peach created MESOS-7822:
----------------------------------

             Summary: Adopt X509_check_host.
                 Key: MESOS-7822
                 URL: https://issues.apache.org/jira/browse/MESOS-7822
             Project: Mesos
          Issue Type: Bug
          Components: libprocess, security
            Reporter: James Peach


{{libprocess}} is carrying custom hostname verification code, which uses deprecated OpenSSL
API:

{noformat}
../../../3rdparty/libprocess/src/openssl.cpp: In function ‘Try<Nothing> process::network::openssl::verify(const
SSL*, const Option<std::__cxx11::basic_string<char> >&, const Option<net::IP>&)’:
../../../3rdparty/libprocess/src/openssl.cpp:677:42: warning: ‘unsigned char* ASN1_STRING_data(ASN1_STRING*)’
is deprecated [-Wdeprecated-declarations]
                   current_name->d.dNSName));
                                          ^
In file included from /usr/include/openssl/opensslconf.h:42:0,
                 from /usr/include/openssl/bn.h:31,
                 from /usr/include/openssl/asn1.h:24,
                 from /usr/include/openssl/objects.h:916,
                 from /usr/include/openssl/evp.h:27,
                 from /usr/include/openssl/x509.h:23,
                 from /usr/include/openssl/ssl.h:50,
                 from ../../../3rdparty/libprocess/src/openssl.hpp:16,
                 from ../../../3rdparty/libprocess/src/openssl.cpp:13:
/usr/include/openssl/asn1.h:553:1: note: declared here
 DEPRECATEDIN_1_1_0(unsigned char *ASN1_STRING_data(ASN1_STRING *x))
 ^
{noformat}

We should replace this (optionally with a OpenSSL version check) with a call to [X509_check_host|https://www.openssl.org/docs/man1.1.0/crypto/X509_check_host.html]
which is available since OpenSSL 1.0.2.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Mime
View raw message