couchdb-dev mailing list archives

From kxepal <...@git.apache.org>
Subject [GitHub] couchdb pull request: Support `fail_if_no_peer_cert` ssl option
Date Mon, 12 May 2014 09:21:09 GMT
Github user kxepal commented on a diff in the pull request:

    https://github.com/apache/couchdb/pull/231#discussion_r12519566
  
    --- Diff: etc/couchdb/local.ini ---
    @@ -66,6 +66,8 @@
     ;password = somepassword
     ; set to true to validate peer certificates
     verify_ssl_certificates = false
    +; Set to true to fail if the client does not send a certificate. Only used if verify_ssl_certificates
is true.
    +fail_if_no_peer_cert = false
    --- End diff --
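
Review bot: The comment on the added `fail_if_no_peer_cert` line says the option is only used if `verify_ssl_certificates` is true, and both are shown as false here, so as documented, setting only `fail_if_no_peer_cert = true` has no effect. Suggest the comment state explicitly that both options must be true to require a client certificate, and that "fail" means the connection is rejected, not that the server fails. Minor style point: the new comment starts with "Set" while the existing comment two lines above uses lowercase "set".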
    
    Yes, I saw that `fail_if_no_peer_cert` is also used by the ssl app, but I was driven by the
    idea that config options should be more user friendly (no matter how they are related to
    internals) (whenever it's possible). The `Fail` word sounds scary: no one wants to let their
    server (note that there is no mention of the connection - so we assume the worst) fail
    because of something, so in fact this option name generates negative emotions and will mostly
    remain untouched. The `require_peer_cert` sounds more... "secure", since we don't fail, but
    we are raising requirements for our clients - that's more solid and user friendly.
    
    Anyway, so my loud thoughts (: 

