trafficserver-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ushachar <...@git.apache.org>
Subject [GitHub] trafficserver pull request: TS-3746: Make proxy.config.ssl.client....
Date Sat, 18 Jul 2015 22:44:08 GMT
Github user ushachar commented on the pull request:

    https://github.com/apache/trafficserver/pull/254#issuecomment-122602663
  
    I'm with @jpeach on this one - allowing this to be configurable per transaction doesn't
really make sense to me (it's not really like keep-alive -- once you do the validation and
allow the connection, that's it - subsequent changes to the config won't have any meaning
unless you're planning to implement a 'revalidation' API for existing connections).
    
    Why not just instruct the admin to add the specific server/CA cert to their trusted cert
storage?
    That's far more secure then adding a hostname/IP based exception, and doesn't require
any code change....


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---

Mime
View raw message