On Wed, Sep 15, 2010 at 10:13 PM, James Jackson <[email protected]> wrote:

> Hi,
>
> > 1) The replicator allows ssl connections to hosts with self-signed
> > certificates by default, obviating the security of the protocol. Since
> > this is the OTP default (seriously), we probably want to get a patch
> > upstream as well.
>
> There is a patch for this here:
>
> https://issues.apache.org/jira/browse/COUCHDB-878
>
> I have a local patch which folds this verification function with the added
> ability for SSL replication sessions to be authenticated by a key / cert
> pair; I haven't had a chance to test it though (waiting on our
> authenticating front-end to be set up) so haven't submitted the patch. If
> somebody is willing to test it, I can open up a ticket with the patch.
>
> As essentially the patch builds SSL parameters for the http_db objects
> which get passed around the replicator, it made sense to factor the
> verification and SSL certification stuff into one 'get_ssl_parameters'
> function.
>

Looks fine, but actually doesn't deal with the new SSL implementation from
OTP R14A.
I've been working on it as part of desktopcouch but didn't commit it to the
ASF repository:

http://github.com/fdmanana/desktopcouch-ubuntu-10_10/commit/49eb401b991f334ab06cc7a0f4031c7aafb927a7

Doing a few more tests before committing it.

>
> Regards,
> James.

--
Filipe David Manana,
[email protected], [email protected]

"Reasonable men adapt themselves to the world.
Unreasonable men adapt the world to themselves.
That's why all progress depends on unreasonable men."
