couchdb-dev mailing list archives

From Filipe David Manana <>
Subject Re: CouchDB 1.1
Date Wed, 15 Sep 2010 22:09:33 GMT
On Wed, Sep 15, 2010 at 10:13 PM, James Jackson <> wrote:

> Hi,
> > 1) The replicator allows ssl connections to hosts with self-signed
> > certificates by default, obviating the security of the protocol. Since
> > this is the OTP default (seriously), we probably want to get a patch
> > upstream as well.
> There is a patch for this here:
> I have a local patch which folds this verification function with the added
> ability for SSL replication sessions to be authenticated by a key / cert
> pair; I haven't had a chance to test it though (waiting on our
> authenticating front-end to be set up) so haven't submitted the patch. If
> somebody is willing to test it, I can open up a ticket with the patch.
> As essentially the patch builds SSL parameters for the http_db objects
> which get passed around the replicator, it made sense to factor the
> verification and SSL certification stuff into one 'get_ssl_parameters'
> function.

Looks fine, but actually doesn't deal with the new SSL implementation from

I've been working on it as part of desktopcouch but didn't commit it to the
ASF repository:

Doing a few more tests before committing it.

> Regards,
> James.

Filipe David Manana

"Reasonable men adapt themselves to the world.
 Unreasonable men adapt the world to themselves.
 That's why all progress depends on unreasonable men."
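
The idea discussed in this message, one function that builds both the peer-verification options and the client key / cert options for a replication connection, sketched as an added example; it is not James's patch, Filipe's desktopcouch work, or CouchDB code. The module name and the proplist keys (`verify_certificates`, `ca_file`, `depth`, `cert_file`, `key_file`) are hypothetical; the returned tuples are options of the OTP `ssl` module.

```erlang
-module(ssl_params_example).
-export([get_ssl_parameters/1]).

%% Props is a hypothetical per-replication settings proplist.
%% Returns a list of OTP ssl options for the connection.
get_ssl_parameters(Props) when is_list(Props) ->
    verify_opts(Props) ++ client_cert_opts(Props).

%% Peer verification is on unless explicitly disabled, so a server
%% presenting a self-signed certificate that is not in the CA file
%% is rejected instead of silently accepted.
verify_opts(Props) ->
    case proplists:get_value(verify_certificates, Props, true) of
        true ->
            CaFile = proplists:get_value(ca_file, Props),
            %% Fail closed: verification without trust anchors is a
            %% configuration error, not a reason to skip the check.
            CaFile =/= undefined orelse erlang:error(missing_ca_file),
            [{verify, verify_peer},
             {cacertfile, CaFile},
             {depth, proplists:get_value(depth, Props, 3)}];
        false ->
            [{verify, verify_none}]
    end.

%% Client authentication: the certificate and its private key must be
%% configured together or not at all.
client_cert_opts(Props) ->
    Cert = proplists:get_value(cert_file, Props),
    Key = proplists:get_value(key_file, Props),
    case {Cert, Key} of
        {undefined, undefined} ->
            [];
        {C, K} when C =/= undefined, K =/= undefined ->
            [{certfile, C}, {keyfile, K}];
        _ ->
            erlang:error(cert_and_key_must_be_set_together)
    end.
```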
