couchdb-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From James Jackson <>
Subject Re: CouchDB 1.1
Date Wed, 15 Sep 2010 21:13:31 GMT

> 1) The replicator allows ssl connections to hosts with self-signed
> certificates by default, obviating the security of the protocol. Since
> this is the OTP default (seriously), we probably want to get a patch
> upstream as well.

There is a patch for this here:

I have a local patch which folds this verification function with the added ability for SSL
replication sessions to be be authenticated by a key / cert pair; I haven't had a chance to
test it though (waiting on our authenticating front-end to be set up) so haven't submitted
the patch. If somebody is willing to test it, I can open up a ticket with the patch.

As essentially the patch builds SSL parameters for the http_db objects which get passed around
the replicator, it made sense to factor the verification and SSL certification stuff into
one 'get_ssl_parameters' function.

View raw message