couchdb-dev mailing list archives

From kxepal <...@git.apache.org>
Subject [GitHub] couchdb pull request: Support `fail_if_no_peer_cert` ssl option
Date Tue, 13 May 2014 16:00:36 GMT
Github user kxepal commented on a diff in the pull request:

    https://github.com/apache/couchdb/pull/231#discussion_r12591595
  
    --- Diff: etc/couchdb/local.ini ---
    @@ -66,6 +66,8 @@
     ;password = somepassword
     ; set to true to validate peer certificates
     verify_ssl_certificates = false
    +; Set to true to fail if the client does not send a certificate. Only used if verify_ssl_certificates
is true.
    +fail_if_no_peer_cert = false
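Review bot: the comment on the added `fail_if_no_peer_cert` line does not say what "fail" means for an operator, or what happens at the default value. As written, with `verify_ssl_certificates = true` and this option left at `false`, a client that sends no certificate is not rejected, which is easy to miss for someone who turned verification on expecting every client to present a certificate. Suggest wording the comment in terms of the connection, for example "; Set to true to reject connections from clients that do not send a certificate", and stating explicitly that the default of `false` still accepts clients without one.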
    --- End diff --
    
    I understand the position "RTFM First", but that's the actual problem of all configurations:
    you're reading the config, you don't understand what the options actually do, you're
    going to Google (nobody reads the docs) to find the answer or to the ML to ask the same question
    again. The name should reflect the behaviour clearly. "Fail" is good for Erlang since "Let it
    crash!", but CouchDB wouldn't actually "fail" because of an empty client certificate: it will
    just reject such requests and keep going. So actually there are two names that are suitable
    for configuration: `require_peer_cert` and `reject_if_no_peer_cert`. The last one is too verbose.
    
    I understand the reasons why you picked such a name, but I feel that it could be better.
    Or at least the comment should clarify what the "fail" actually stands for. Probably, we could
    ask other devs' opinion?


