mesos-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "James Peach (JIRA)" <>
Subject [jira] [Created] (MESOS-7822) Adopt X509_check_host.
Date Fri, 21 Jul 2017 22:44:00 GMT
James Peach created MESOS-7822:

             Summary: Adopt X509_check_host.
                 Key: MESOS-7822
             Project: Mesos
          Issue Type: Bug
          Components: libprocess, security
            Reporter: James Peach

{{libprocess}} is carrying custom hostname verification code, which uses deprecated OpenSSL

../../../3rdparty/libprocess/src/openssl.cpp: In function ‘Try<Nothing> process::network::openssl::verify(const
SSL*, const Option<std::__cxx11::basic_string<char> >&, const Option<net::IP>&)’:
../../../3rdparty/libprocess/src/openssl.cpp:677:42: warning: ‘unsigned char* ASN1_STRING_data(ASN1_STRING*)’
is deprecated [-Wdeprecated-declarations]
In file included from /usr/include/openssl/opensslconf.h:42:0,
                 from /usr/include/openssl/bn.h:31,
                 from /usr/include/openssl/asn1.h:24,
                 from /usr/include/openssl/objects.h:916,
                 from /usr/include/openssl/evp.h:27,
                 from /usr/include/openssl/x509.h:23,
                 from /usr/include/openssl/ssl.h:50,
                 from ../../../3rdparty/libprocess/src/openssl.hpp:16,
                 from ../../../3rdparty/libprocess/src/openssl.cpp:13:
/usr/include/openssl/asn1.h:553:1: note: declared here
 DEPRECATEDIN_1_1_0(unsigned char *ASN1_STRING_data(ASN1_STRING *x))

We should replace this (optionally with a OpenSSL version check) with a call to [X509_check_host|]
which is available since OpenSSL 1.0.2.

This message was sent by Atlassian JIRA

View raw message