felix-dev mailing list archives

From Carsten Ziegeler <cziege...@apache.org>
Subject Re: Accepting all client certificates (FELIX-4797)
Date Thu, 05 Mar 2015 08:36:01 GMT
On 05.03.15 at 09:13, Pascal Mainini wrote:
> Dear Felix-developers
> 
> A few weeks ago, I submitted a proposal for a patch[1] enabling the
> Felix HTTP/Jetty-service to accept any client certificate without doing
> further validation of it. The need for it arises in a project I am part
> of and is mainly due to the use case of enabling authentication using
> WebID[2].
> 
> After a few initial comments, things - as far as I can see - got quiet,
> so I decided to bring the issue to this mailing list - I hope this is the
> appropriate place.
> 
> Maybe you can give me an update about the current state/processes or
> tell me if I need to go into more details etc.
> 
Hi,

As noted in the issue, this is a very dangerous setting - it might be OK
in your use case, but in general you definitely don't want to do this.
Therefore I'm a little bit reluctant to add such a general setting.
I like the idea from Reto to make this pluggable via a service. In this
case you can still provide your own implementation but for everyone else
it gets harder to shoot themselves in the foot.

Carsten
-- 
Carsten Ziegeler
Adobe Research Switzerland
cziegeler@apache.org
