On 09/10/2013 08:49 AM, Simo Sorce wrote: > > What if there is no IPA CA (CA-less)? Should we assume that the user has > their own CA in control and allow only certs signed by that single CA? > > Regarding SNI, it apparently is not supported in server-side NSS > (https://bugzilla.mozilla.org/show_bug.cgi?id=360421) > We need to either push for a solution to this or allow to switch to > mod_ssl.
Jan Pazdziora investigated us switching to mod_ssl. It is not trivial. Also I would check with Kai. Based on his last comment in the bug there might be some work happening there. -- Thank you, Dmitri Pal Sr. Engineering Manager for IdM portfolio Red Hat Inc. ------------------------------- Looking to carve out IT costs? www.redhat.com/carveoutcosts/ _______________________________________________ Freeipa-devel mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-devel
