[TS-2773] Rewrite SSL certificate configuration - ASF JIRA

XML

Word

Printable

JSON

Details

Type: New Feature
Status: Open
Priority: Major
Resolution: Unresolved
Affects Version/s: None
Fix Version/s: 8.0.0
Component/s: Configuration, SSL
Labels:
- incompatible

Description

Currently, SSL certificate configuration is split across records.config and ssl-multicert.config. This leads to awkward situations where you can't enable client certificate validation for a particular server certificate, and you can't add a SSL key passphrase dialog globally.

I'd like to unify the SSL configuration by pushing all the configuration parameters down to records.config and allowing ssl-multicert.config to override those settings. This would be logically similar to how overridable configurations work for the TS API.

I plan to retain backwards compatibility with 4.x ssl-multicert.config syntax. You would still need ssl-multicert.config to be able to configure multiple SSL certificates.

Attachments

Issue Links

blocks

TS-3671 ☂ Critical issues for v7.0.0 release

Open

is duplicated by

TS-2908 Parents with SSL certificate

Closed

is required by

TS-3216 Add HPKP (Public Key Pinning Extension for HTTP) support

Open

relates to

TS-3371 Should create a global session ticket disable

Closed

Activity

People

Assignee:: Unassigned

Reporter:: James Peach

Votes:: 0 Vote for this issue

Watchers:: 7 Start watching this issue

Dates

Created:: 01/May/14 17:57

Updated:: 22/Dec/16 16:52