Return-Path: X-Original-To: apmail-couchdb-user-archive@www.apache.org Delivered-To: apmail-couchdb-user-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 33A4410340 for ; Wed, 12 Jun 2013 14:28:55 +0000 (UTC) Received: (qmail 55256 invoked by uid 500); 12 Jun 2013 14:28:53 -0000 Delivered-To: apmail-couchdb-user-archive@couchdb.apache.org Received: (qmail 55119 invoked by uid 500); 12 Jun 2013 14:28:53 -0000 Mailing-List: contact user-help@couchdb.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: user@couchdb.apache.org Delivered-To: mailing list user@couchdb.apache.org Received: (qmail 55111 invoked by uid 99); 12 Jun 2013 14:28:52 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 12 Jun 2013 14:28:52 +0000 X-ASF-Spam-Status: No, hits=2.5 required=5.0 tests=HTML_MESSAGE,RCVD_IN_DNSWL_LOW,SPF_SOFTFAIL X-Spam-Check-By: apache.org Received-SPF: softfail (nike.apache.org: transitioning domain of mail@sanderdijkhuis.nl does not designate 66.111.4.27 as permitted sender) Received: from [66.111.4.27] (HELO out3-smtp.messagingengine.com) (66.111.4.27) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 12 Jun 2013 14:28:46 +0000 Received: from compute5.internal (compute5.nyi.mail.srv.osa [10.202.2.45]) by gateway1.nyi.mail.srv.osa (Postfix) with ESMTP id DA71620ED9; Wed, 12 Jun 2013 10:28:24 -0400 (EDT) Received: from frontend1.nyi.mail.srv.osa ([10.202.2.160]) by compute5.internal (MEProxy); Wed, 12 Jun 2013 10:28:24 -0400 DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=sanderdijkhuis.nl; h=from:content-type:message-id:mime-version:subject:date :references:to:in-reply-to; s=mesmtp; bh=+BkL8rTBgQhjxgkVNPUltRd g+ck=; b=QEUGJlzniiwJ+HhTA/c5Nu8pPB5G1Npfapd5Qohlf9EzY1IskXAkaCv 4+q595Rxrji8ffxRmbzPlb5PMrz7D+Jb36b8GZKEoB9JS/VEqoGyjdQj7vJTVnhS Q+KcX80jzvwtcDXyer9jqtTSPXwCT/pwL+CngsqgZzTqi9UPbTbY= DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d= messagingengine.com; h=from:content-type:message-id:mime-version :subject:date:references:to:in-reply-to; s=smtpout; bh=+BkL8rTBg QhjxgkVNPUltRdg+ck=; b=XDBWvDhQ0A564egRh8pzSkJ3Ja3Bv00IW7FrFwNl1 6yibR+0BM9FQ1X5VObLed210pjh/64VTxhyGdfZVGEsF3UXFSiH7RD/oQl+UZ3AU GJoNGnsP4f7zSPFirtJsQOXmPrFl9mnEGG82deZB1P4GA5qFLpC1e1ToEJCb5yVO KA= X-Sasl-enc: FvRuJpg4l3AkfTWw0kBsqwbuVid2XlVI5Os8nQiCu0JQ 1371047304 Received: from [10.22.52.13] (unknown [194.29.118.163]) by mail.messagingengine.com (Postfix) with ESMTPA id 6ED55C00E80 for ; Wed, 12 Jun 2013 10:28:24 -0400 (EDT) From: Sander Dijkhuis Content-Type: multipart/alternative; boundary="Apple-Mail=_9B331310-D6A1-40EC-BFDE-18AF62D0092E" Message-Id: <3E45B2BF-6D7F-462C-93E3-2A3932A07108@sanderdijkhuis.nl> Mime-Version: 1.0 (Mac OS X Mail 6.5 \(1508\)) Subject: Re: Apache couchDB CA signed certificate issues Date: Wed, 12 Jun 2013 16:28:23 +0200 References: <018674D2811A114F8220F3FAA87F2B700A7DA693@UKSRV022.7city.local> To: user@couchdb.apache.org In-Reply-To: X-Mailer: Apple Mail (2.1508) X-Virus-Checked: Checked by ClamAV on apache.org --Apple-Mail=_9B331310-D6A1-40EC-BFDE-18AF62D0092E Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=windows-1252 What kind of problems should I expect with native SSL? I=92ve just set = up CouchDB with a self-signed certificate, and that seems to work fine = for my purposes. If it=92s advised against, maybe this manual page should mention that: http://docs.couchdb.org/en/latest/configuring.html#native-ssl-support On Jun 12, 2013, at 16:14 , Jason Smith wrote: > That was the single most problematic CouchDB commit I have ever had to = deal > with. (Bob's work was fine; but it forced an introduction I regretted > having.) >=20 >=20 > On Wed, Jun 12, 2013 at 9:03 PM, Robert Newson = wrote: >=20 >> and by "never", I strictly mean "for a very brief period where I = added >> native SSL support to CouchDB in 2010". >>=20 >> B. >>=20 >>=20 >> On 12 June 2013 15:01, Robert Newson wrote: >>> I'd recommend haproxy 1.5 anyway, I've never been a big fan of >>> erlang's built-in SSL support (and it has a fairly yucky history of >>> bugs). >>>=20 >>> B. --Apple-Mail=_9B331310-D6A1-40EC-BFDE-18AF62D0092E--