On 6/1/2016 9:19 AM, William A Rowe Jr wrote: > > Proposal... > > CheckPeerName CheckPeerCN > unset | on unset | on CheckPeerName verification > off on *CheckPeerCN* verification > off unset | off no verification > unset | off off no verification > > WDYT?
+1 ... but it is probably a very unlikely scenario for an administrator to want to disable checking of SAN entries but to enable checking of CN (the off/on scenario above). I'd argue it's reasonable to make both directives simple toggles CheckPeerName verification, but I still agree that we cannot make an existing config represent X in version 1.2.3 and represent Y in version 1.2.4 so CheckPeerCN logic should be retained. -- Daniel Ruggeri --------------------------------------------------------------------- To unsubscribe, e-mail: docs-unsubscr...@httpd.apache.org For additional commands, e-mail: docs-h...@httpd.apache.org
