[Bug 61984] mod_ssl has SSLProxyVerify set to none by default


https://bz.apache.org/bugzilla/show_bug.cgi?id=61984

Dan Oliver <thrift24@xxxxxxxxx> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEEDINFO                    |NEW

--- Comment #2 from Dan Oliver <thrift24@xxxxxxxxx> ---
Yes.  A valid setup for SSL would require the signers file to be specified. 
Here is a question: would it be better to have someone have to know that they
need to supply a valid signer or explicitly turn off certificate validation to
get a working setup or would it be better for someone to be expecting the
certificate to be checked by default and ending up with an insecure setup?  I
guess one factor in that might be how likely it should be to expect the
certificate to be checked and I would suggest that SSL is totally useless
without that check, so the idea that a check would not be done by default is
not intuitive.  I think it would be very telling to look at how virtually any
other software handles this.

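An added example, not part of the bug report or of Apache's own code: a small audit that flags `<VirtualHost>` blocks which enable `SSLProxyEngine` but rely on the `SSLProxyVerify` default of none, or name no signers file. It assumes the directives sit directly in the vhost (server-scope inheritance and `Include` files are not followed); the hostnames and the CA path in the sample are constructed.

```python
import re

# Constructed sample config: one vhost relying on the default, one verifying.
SAMPLE_CONF = """
<VirtualHost *:443>
    ServerName weak.example.test
    SSLProxyEngine on
    ProxyPass /api https://backend.example.test/
</VirtualHost>
<VirtualHost *:443>
    ServerName strict.example.test
    SSLProxyEngine on
    SSLProxyVerify require
    SSLProxyCACertificateFile /etc/ssl/backend-ca.pem
</VirtualHost>
"""

# Matches only the directives of interest; commented-out lines do not match.
DIRECTIVE = re.compile(r"^\s*(SSLProxy\w+|ServerName)\s+(.+?)\s*$", re.I)

def audit_proxy_tls(conf_text):
    # Returns [(server_name, [findings])], one entry per <VirtualHost> block.
    results, current = [], None
    for line in conf_text.splitlines():
        stripped = line.strip().lower()
        if stripped.startswith("<virtualhost"):
            current = {}
        elif stripped.startswith("</virtualhost") and current is not None:
            results.append((current.get("servername", "?"), findings_for(current)))
            current = None
        elif current is not None and (m := DIRECTIVE.match(line)):
            current[m.group(1).lower()] = m.group(2).strip('"')
    return results

def findings_for(d):
    if d.get("sslproxyengine", "off").lower() != "on":
        return []  # this vhost makes no TLS connections to backends
    out = []
    verify = d.get("sslproxyverify")
    if verify is None:
        out.append("SSLProxyVerify not set: default is none, backend cert unchecked")
    elif verify.lower() != "require":
        out.append(f"SSLProxyVerify {verify}: a valid backend cert is not required")
    if not (d.get("sslproxycacertificatefile") or d.get("sslproxycacertificatepath")):
        out.append("no SSLProxyCACertificateFile/Path: no signers to verify against")
    return out

if __name__ == "__main__":
    for name, findings in audit_proxy_tls(SAMPLE_CONF):
        print(name, "OK" if not findings else findings)
```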