couchdb-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Adam Kocoloski (JIRA)" <j...@apache.org>
Subject [jira] [Closed] (COUCHDB-840) be more relaxed about verifying SSL certificate chains
Date Wed, 29 May 2013 15:48:22 GMT

     [ https://issues.apache.org/jira/browse/COUCHDB-840?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Adam Kocoloski closed COUCHDB-840.
----------------------------------

    
> be more relaxed about verifying SSL certificate chains
> ------------------------------------------------------
>
>                 Key: COUCHDB-840
>                 URL: https://issues.apache.org/jira/browse/COUCHDB-840
>             Project: CouchDB
>          Issue Type: Improvement
>    Affects Versions: 1.0
>            Reporter: Adam Kocoloski
>             Fix For: 1.0.1
>
>         Attachments: COUCHDB-840.patch
>
>
> The new Erlang SSL implementation (which we use to consume _changes) has a default verification
depth of 1.  This causes pull replication from an SSL-wrapped server to fail if the server
has an intermediate certificate in its chain.  Intermediate certificates are pretty common
especially at the cheaper end, e.g. GoDaddy certs.  OpenSSL uses a default depth of 9; I think
we should do the same.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message