[COUCHDB-840] be more relaxed about verifying SSL certificate chains - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 1.0
Fix Version/s: 1.0.1
Component/s: None
Labels:
None

Description

The new Erlang SSL implementation (which we use to consume _changes) has a default verification depth of 1. This causes pull replication from an SSL-wrapped server to fail if the server has an intermediate certificate in its chain. Intermediate certificates are pretty common especially at the cheaper end, e.g. GoDaddy certs. OpenSSL uses a default depth of 9; I think we should do the same.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

COUCHDB-840.patch
29/Jul/10 00:01
0.6 kB
Adam Kocoloski

Activity

People

Assignee:: Unassigned

Reporter:: Adam Kocoloski

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Dates

Created:: 28/Jul/10 23:59

Updated:: 29/May/13 15:47

Resolved:: 29/Jul/10 00:05