trafficserver-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From zwoop <...@git.apache.org>
Subject [GitHub] trafficserver pull request: TS-3746: Make proxy.config.ssl.client....
Date Sun, 19 Jul 2015 10:32:11 GMT
Github user zwoop commented on the pull request:

    https://github.com/apache/trafficserver/pull/254#issuecomment-122645818
  
    I have a few concerns with the code here actually. In general, we want more configurations
overridable, including cache configurations and network configurations. I tried this once
before, and it got -1'd for other reasons (cache clustering). What I'm asking for is, is there
some better way we can convey the entire "oride" object back to other areas of the system,
such as the network layers and cache layers ? It wouldn't be particular efficient to do many
of these "special cases" going forward.
    
    Also, there's some legitimate concerns here re: this being a generally good idea, or a
fix for an organizational issue. I'll have to noodle on that a bit more (my gut tells me,
if you want to enable cert verification for one set of servers, is it that much more work
to do it for all servers?).
    
    That much said, a few comments on the patch itself:
    
    1) I think ssl_client_verify_server should be a MgmtByte, moved up to the section of those
(to avoid padding), and of course use HttpEstablishStaticConfigByte() to for loading.
    
    2) I don't think this patch was run through clang-format, the indentation doesn't look
right.
    
    3) Similarly to 1), but on line 1062 in HttpSM, we introduce two "empty" lines, with 2
white spaces?


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---

Mime
View raw message