https://bz.apache.org/bugzilla/show_bug.cgi?id=61984
Dan Oliver <[email protected]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEEDINFO                    |NEW

--- Comment #2 from Dan Oliver <[email protected]> ---
Yes. A valid setup for SSL would require the signers file to be specified.

Here is a question: would it be better to have someone have to know that they need to supply a valid signer or explicitly turn off certificate validation to get a working setup, or would it be better for someone to be expecting the certificate to be checked by default and ending up with an insecure setup?

I guess one factor in that might be how likely it should be to expect the certificate to be checked, and I would suggest that SSL is totally useless without that check, so the idea that a check would not be done by default is not intuitive.

I think it would be very telling to look at how virtually any other software handles this.
