[
https://issues.apache.org/jira/browse/JCR-4536?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17151206#comment-17151206
]
Konrad Windszus commented on JCR-4536:
--------------------------------------
bq. At the end of the day, this needs to be triggered somewhere by config (or
am I wrong here?). Once it is turned off, the user will have an insecure client
and might not know it.
Yes, but this is responsibility of the downstream consumer. I cannot think of
any parametrisation which would be better from a security perspective. Please
make a concrete suggestion how you think this should happen.
> Feature/enable insecure https host
> ----------------------------------
>
> Key: JCR-4536
> URL: https://issues.apache.org/jira/browse/JCR-4536
> Project: Jackrabbit Content Repository
> Issue Type: Improvement
> Components: jackrabbit-spi2dav
> Reporter: Max Barrass
> Assignee: Konrad Windszus
> Priority: Major
>
> Adding support for insecure parameter to allow access to https with invalid
> certs.
> Enabling optional support for expired ssl certs when using https on
> development server with self generated certificates.
> Pull request already created and ready for review
> [https://github.com/apache/jackrabbit/pull/88]
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
