felix-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Carsten Ziegeler <cziege...@apache.org>
Subject Re: Accepting all client certificates (FELIX-4797)
Date Fri, 06 Mar 2015 10:41:58 GMT
Hi Pascal,

Am 05.03.15 um 16:06 schrieb Pascal Mainini:
> I understand your point about the setting beeing dangerous (however I
> would expect someone configuring authentication with client certificates
> to be able to grasp the implications of it ;-)

Yeah, that would be ideal :)

> We see the following possibilities:
> 1. (for completness) patch as-is
> 2. The patch but without metatype-definitions (thus the feature could
>    not directly be configured over configmgr-gui, needing more
>    interaction from the user)
> 3. Extend the code to make this injectable as a service
> What do you think?

Ok, I guess 3. is maybe really overkill, especially as we would have to
introduce an API package for the Jetty implementation (which we
currently do not have).
1. scares me :) , 2. sounds like a good compromise for me.

What do others think?

Carsten Ziegeler
Adobe Research Switzerland

View raw message