mesos-reviews mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joseph Wu <jos...@mesosphere.io>
Subject Re: Review Request 53997: Fix SSL downgrade pathway for temporary/persistent sockets.
Date Tue, 22 Nov 2016 22:01:58 GMT


> On Nov. 22, 2016, 1:19 p.m., Benjamin Mahler wrote:
> > 3rdparty/libprocess/src/process.cpp, lines 2476-2477
> > <https://reviews.apache.org/r/53997/diff/1/?file=1568675#file1568675line2476>
> >
> >     Do you want an else if here to match the close logic? Otherwise, maybe add back
the newline here?

Matching the `close` logic sounds like a good idea.  To completely match the logic (and hence
the assumption that the set of temporary vs persistent sockets do not overlap), I'd also want
to flip the if-statements around: swap persistent ones first, else temporary ones.


- Joseph


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/53997/#review156632
-----------------------------------------------------------


On Nov. 22, 2016, 2:01 p.m., Joseph Wu wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/53997/
> -----------------------------------------------------------
> 
> (Updated Nov. 22, 2016, 2:01 p.m.)
> 
> 
> Review request for mesos, Benjamin Mahler and Joris Van Remoortere.
> 
> 
> Bugs: MESOS-6621
>     https://issues.apache.org/jira/browse/MESOS-6621
> 
> 
> Repository: mesos
> 
> 
> Description
> -------
> 
> This fixes some potential CHECK failures when a libprocess process
> has (1) SSL downgrade enabled and (2) temporary and persistent
> connections open with the same remote address.  The second point is
> only possible if messages are to a remote address without a persistent
> connection and then a persistent connection is created.
> 
> The SSL downgrade path was only checking if the address of a socket
> matched when performing the downgrade.  The code must also check to
> see if the socket itself matches.
> 
> 
> Diffs
> -----
> 
>   3rdparty/libprocess/src/process.cpp 84971fa5151991c51e78abdbc736c719e30588f1 
> 
> Diff: https://reviews.apache.org/r/53997/diff/
> 
> 
> Testing
> -------
> 
> See related ticket for the clunky unit test.  Ran that test in repetition.
> 
> make check
> 
> 
> Thanks,
> 
> Joseph Wu
> 
>


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message