Return-Path: X-Original-To: apmail-trafficserver-dev-archive@www.apache.org Delivered-To: apmail-trafficserver-dev-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 2AA8418EAF for ; Sun, 19 Jul 2015 10:32:12 +0000 (UTC) Received: (qmail 32167 invoked by uid 500); 19 Jul 2015 10:32:12 -0000 Delivered-To: apmail-trafficserver-dev-archive@trafficserver.apache.org Received: (qmail 32094 invoked by uid 500); 19 Jul 2015 10:32:11 -0000 Mailing-List: contact dev-help@trafficserver.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@trafficserver.apache.org Delivered-To: mailing list dev@trafficserver.apache.org Received: (qmail 32083 invoked by uid 99); 19 Jul 2015 10:32:11 -0000 Received: from git1-us-west.apache.org (HELO git1-us-west.apache.org) (140.211.11.23) by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 19 Jul 2015 10:32:11 +0000 Received: by git1-us-west.apache.org (ASF Mail Server at git1-us-west.apache.org, from userid 33) id 77D67E00DE; Sun, 19 Jul 2015 10:32:11 +0000 (UTC) From: zwoop To: dev@trafficserver.apache.org Reply-To: dev@trafficserver.apache.org References: In-Reply-To: Subject: [GitHub] trafficserver pull request: TS-3746: Make proxy.config.ssl.client.... Content-Type: text/plain Message-Id: <20150719103211.77D67E00DE@git1-us-west.apache.org> Date: Sun, 19 Jul 2015 10:32:11 +0000 (UTC) Github user zwoop commented on the pull request: https://github.com/apache/trafficserver/pull/254#issuecomment-122645818 I have a few concerns with the code here actually. In general, we want more configurations overridable, including cache configurations and network configurations. I tried this once before, and it got -1'd for other reasons (cache clustering). What I'm asking for is, is there some better way we can convey the entire "oride" object back to other areas of the system, such as the network layers and cache layers ? It wouldn't be particular efficient to do many of these "special cases" going forward. Also, there's some legitimate concerns here re: this being a generally good idea, or a fix for an organizational issue. I'll have to noodle on that a bit more (my gut tells me, if you want to enable cert verification for one set of servers, is it that much more work to do it for all servers?). That much said, a few comments on the patch itself: 1) I think ssl_client_verify_server should be a MgmtByte, moved up to the section of those (to avoid padding), and of course use HttpEstablishStaticConfigByte() to for loading. 2) I don't think this patch was run through clang-format, the indentation doesn't look right. 3) Similarly to 1), but on line 1062 in HttpSM, we introduce two "empty" lines, with 2 white spaces? --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastructure@apache.org or file a JIRA ticket with INFRA. ---