couchdb-dev mailing list archives

From Filipe David Manana <fdman...@apache.org>
Subject Re: CouchDB 1.1
Date Wed, 15 Sep 2010 22:09:33 GMT
On Wed, Sep 15, 2010 at 10:13 PM, James Jackson <james.jackson@cern.ch> wrote:

> Hi,
>
> > 1) The replicator allows ssl connections to hosts with self-signed
> > certificates by default, obviating the security of the protocol. Since
> > this is the OTP default (seriously), we probably want to get a patch
> > upstream as well.
>
> There is a patch for this here:
>
> https://issues.apache.org/jira/browse/COUCHDB-878
>
> I have a local patch which folds this verification function with the added
> ability for SSL replication sessions to be authenticated by a key / cert
> pair; I haven't had a chance to test it though (waiting on our
> authenticating front-end to be set up) so haven't submitted the patch. If
> somebody is willing to test it, I can open up a ticket with the patch.
>
> As essentially the patch builds SSL parameters for the http_db objects
> which get passed around the replicator, it made sense to factor the
> verification and SSL certification stuff into one 'get_ssl_parameters'
> function.
>

Looks fine, but actually doesn't deal with the new SSL implementation from
OTP R14A.

I've been working on it as part of desktopcouch but didn't commit it to the
ASF repository:

http://github.com/fdmanana/desktopcouch-ubuntu-10_10/commit/49eb401b991f334ab06cc7a0f4031c7aafb927a7

Doing a bit more testing before committing it.


>
> Regards,
> James.




-- 
Filipe David Manana,
fdmanana@gmail.com, fdmanana@apache.org

"Reasonable men adapt themselves to the world.
 Unreasonable men adapt the world to themselves.
 That's why all progress depends on unreasonable men."
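
The thread above describes folding peer verification and key / cert client authentication into a single 'get_ssl_parameters' function. The sketch below is an added example, not code from COUCHDB-878 or from either patch mentioned in the thread; the module name, the proplist keys (`verify_certificates`, `ca_file`, `cert_file`, `key_file`, `depth`) and the depth default are assumptions, and only long-standing `ssl` client options are used.

```erlang
-module(ssl_params_example).
-export([get_ssl_parameters/1]).

%% Hypothetical helper: Config is a proplist using constructed keys.
%% Returns the option list to hand to the ssl client for one replication
%% endpoint.
get_ssl_parameters(Config) ->
    verify_opts(Config) ++ client_cert_opts(Config).

%% Peer verification. The thread notes that the OTP default accepts
%% self-signed certificates, so verify_peer is requested explicitly and
%% is the default here unless the operator turns it off.
verify_opts(Config) ->
    case proplists:get_value(verify_certificates, Config, true) of
        false ->
            [{verify, verify_none}];
        true ->
            case proplists:get_value(ca_file, Config) of
                undefined ->
                    %% Fail closed: without trust anchors there is
                    %% nothing to verify the peer against.
                    erlang:error({missing_option, ca_file});
                CaFile ->
                    [{verify, verify_peer},
                     {cacertfile, CaFile},
                     {depth, proplists:get_value(depth, Config, 3)}]
            end
    end.

%% Optional client authentication with a key / cert pair. Supplying
%% only one half of the pair is treated as a configuration error.
client_cert_opts(Config) ->
    case {proplists:get_value(cert_file, Config),
          proplists:get_value(key_file, Config)} of
        {undefined, undefined} ->
            [];
        {Cert, Key} when Cert =/= undefined, Key =/= undefined ->
            [{certfile, Cert}, {keyfile, Key}];
        _ ->
            erlang:error(incomplete_client_cert)
    end.
```

With `verify_peer` and a `cacertfile`, a server presenting a self-signed certificate that is not in the CA file fails the handshake instead of being accepted silently.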
