[
https://issues.apache.org/jira/browse/JCR-4536?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17055667#comment-17055667
]
Julian Reschke edited comment on JCR-4536 at 5/13/20, 1:33 PM:
---------------------------------------------------------------
Why is this needed now? Wouldn't it be better to have the development server
have a correct cert, from instance from LE?
Furthermore:
The PR contains quite a few changes that have nothing to do with the feature;
these should be removed.
Also I don't see any tests.
EDIT:
Things to consider:
- very visibly LOG when cert checking is disabled
- only allow disabling cert checking for one concrete host name (or just a few)
It's really really important that people do not accidentally turn the cert
checking off.
was (Author: reschke):
Why is this needed now? Wouldn't it be better to have the development server
have a correct cert, from instance from LE?
Furthermore:
The PR contains quite a few changes that have nothing to do with the feature;
these should be removed.
Also I don't see any tests.
> Feature/enable insecure https host
> ----------------------------------
>
> Key: JCR-4536
> URL: https://issues.apache.org/jira/browse/JCR-4536
> Project: Jackrabbit Content Repository
> Issue Type: Improvement
> Components: jackrabbit-spi2dav
> Reporter: Max Barrass
> Priority: Major
>
> Adding support for insecure parameter to allow access to https with invalid
> certs.
> Enabling optional support for expired ssl certs when using https on
> development server with self generated certificates.
> Pull request already created and ready for review
> [https://github.com/apache/jackrabbit/pull/88]
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
