[
https://issues.apache.org/jira/browse/JCR-4536?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17151337#comment-17151337
]
Konrad Windszus commented on JCR-4536:
--------------------------------------
You mean only allow a certain server identity in the cert
(https://tools.ietf.org/html/rfc2818#section-3.1)? Would work for me but I am
not sure if the additional security is worth the effort. Will try to implement
such a
https://docs.oracle.com/javase/6/docs/api/javax/net/ssl/HostnameVerifier.html?is-external=true.
Could you confirm that this is what you had in mind?
> Feature/enable insecure https host
> ----------------------------------
>
> Key: JCR-4536
> URL: https://issues.apache.org/jira/browse/JCR-4536
> Project: Jackrabbit Content Repository
> Issue Type: Improvement
> Components: jackrabbit-spi2dav
> Reporter: Max Barrass
> Assignee: Konrad Windszus
> Priority: Major
>
> Adding support for insecure parameter to allow access to https with invalid
> certs.
> Enabling optional support for expired ssl certs when using https on
> development server with self generated certificates.
> Pull request already created and ready for review
> [https://github.com/apache/jackrabbit/pull/88]
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
