URL: https://github.com/freeipa/freeipa/pull/506
Title: #506: added ssl verification

tiran commented:
Please change the title of the commit, too. It's implies that we did not verify 
certs in the past.

In the future please don't call the system trust store a random collection of 
CAs. It's diminishing and vilifying the hard work of the security team to 
provide a secure selection of CA certs. This change is purely an attempt to 
harden IPA and use the same selection of CAs everywhere.

See the full comment at 
Manage your subscription for the Freeipa-devel mailing list:
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to