Github user kxepal commented on a diff in the pull request:
https://github.com/apache/couchdb/pull/231#discussion_r12519566
--- Diff: etc/couchdb/local.ini ---
@@ -66,6 +66,8 @@
;password = somepassword
; set to true to validate peer certificates
verify_ssl_certificates = false
+; Set to true to fail if the client does not send a certificate. Only used
if verify_ssl_certificates is true.
+fail_if_no_peer_cert = false
--- End diff --
Yes, I saw that `fail_if_no_peer_cet` is also used by ssl app, but I was
driven by the idea that config options should be more user friendly (no matter
how they are related with internals) (whenever it's possible). `Fail` word
sounds scary: no one wanted to let their server (note, that there is no mention
about connection - so we assume the worst) to fail because of something, so in
fact this option name generates negative emotions and will mostly remains
untouched. The `require_peer_cert` sounds more..."secure", since we don't fail,
but we raising requirements for our clients - that's more solid and user
friendly.
Anyway, so my loud thoughts (:
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at [email protected] or file a JIRA ticket
with INFRA.
---
