mesos-reviews mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Joris Van Remoortere" <joris.van.remoort...@gmail.com>
Subject Re: Review Request 31207: Support for SSL and non-ssl traffic simultaneously.
Date Mon, 29 Jun 2015 18:49:14 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/31207/
-----------------------------------------------------------

(Updated June 29, 2015, 6:49 p.m.)


Review request for mesos and Benjamin Hindman.


Changes
-------

Factor out (now) un-used process reference from link_connect.
Cleanup.


Bugs: MESOS-2085
    https://issues.apache.org/jira/browse/MESOS-2085


Repository: mesos


Description
-------

Add a flag SSL_SUPPORT_DOWNGRADE which allows:
1. an SSL accepting socket to peek at the incoming data. If the hello handshake bits are not
set, then accept as a Socket::POLL socket instead.
2. When calling Process::link or Process:send(Message), if a new connection is required, allow
a second attempt using Socket::POLL if an SSL connection was first attempted.


Diffs (updated)
-----

  3rdparty/libprocess/include/process/socket.hpp f53d2e1dbb31e135c8951145d379cbbff3044448

  3rdparty/libprocess/src/libevent_ssl_socket.hpp 4f2cd357bfdb5268d2bae2df5d7138ff14064bf6

  3rdparty/libprocess/src/libevent_ssl_socket.cpp 2920e0e1a5643118b14911d77fb682e60958b4e6

  3rdparty/libprocess/src/openssl.hpp 60c7b078b891e09d53d82508bb2965addf359d68 
  3rdparty/libprocess/src/openssl.cpp 6ff4adb4c9792ff10d8c6ed2f3b2f3d8d0d7f1a8 
  3rdparty/libprocess/src/poll_socket.hpp 553aa641525d587a44608d7c6c4f16b09b47cfe0 
  3rdparty/libprocess/src/process.cpp 52649fb90cdbefb495b68d0beb8c7f7e5ef6888e 
  3rdparty/libprocess/src/tests/ssl_tests.cpp c077aaeaecbe2cdcdad2b042741eeb8906699a22 

Diff: https://reviews.apache.org/r/31207/diff/


Testing
-------

Running with:
1) An SSL master
  - connect a non-ssl slave
  - connect a non-ssl framework
  - connect an ssl slave
  - connect an ssl framework
2) A non-ssl master
  - connect a non-ssl slave
  - connect a non-ssl framework
  - connect an ssl slave
  - connect an ssl framework


Thanks,

Joris Van Remoortere


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message