Github user kxepal commented on a diff in the pull request:
https://github.com/apache/couchdb/pull/231#discussion_r12591595
--- Diff: etc/couchdb/local.ini ---
@@ -66,6 +66,8 @@
;password = somepassword
; set to true to validate peer certificates
verify_ssl_certificates = false
+; Set to true to fail if the client does not send a certificate. Only used
if verify_ssl_certificates is true.
+fail_if_no_peer_cert = false
--- End diff --
I understand the position "RTFM First", but that's the actual problem of
all configurations: you're reading the config, you're don't understand what the
options actually does, you're going to google (nobody reads the docs) to find
the answer or to ML to ask the same question again. Name should reflect the
behaviour clearly. "Fail" is good for Erlang since "Let it crash!", but CouchDB
wouldn't actually "fail" because of empty client certificate: it will just
reject such requests and keep going. So actually there are two names that are
suitable for configuration: `require_peer_cert` and `reject_if_no_peer_cert`.
Last one too verbose.
I understand the reasons why you picked such name, but I feel that it could
be better. Or at least comment should clarify what the "fail" actually stands
for. Probably, we could ask others devs opinion?
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at [email protected] or file a JIRA ticket
with INFRA.
---
