be more relaxed about verifying SSL certificate chains
------------------------------------------------------
Key: COUCHDB-840
URL: https://issues.apache.org/jira/browse/COUCHDB-840
Project: CouchDB
Issue Type: Improvement
Affects Versions: 1.0
Reporter: Adam Kocoloski
Fix For: 1.0.1
The new Erlang SSL implementation (which we use to consume _changes) has a
default verification depth of 1. This causes pull replication from an
SSL-wrapped server to fail if the server has an intermediate certificate in its
chain. Intermediate certificates are pretty common especially at the cheaper
end, e.g. GoDaddy certs. OpenSSL uses a default depth of 9; I think we should
do the same.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
