[jira] [Commented] (MRESOLVER-328) The transport-http should be able to ignore cert errors

Wed, 01 Mar 2023 00:32:05 -0800 


    [ 
https://issues.apache.org/jira/browse/MRESOLVER-328?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17694928#comment-17694928
 ] 

ASF GitHub Bot commented on MRESOLVER-328:
------------------------------------------

michael-o commented on code in PR #255:
URL: https://github.com/apache/maven-resolver/pull/255#discussion_r1121341642


##########
src/site/markdown/configuration.md:
##########
@@ -40,6 +40,7 @@ Option | Type | Description | Default Value | Supports Repo 
ID Suffix
 `aether.connector.http.preemptiveAuth` | boolean | Should HTTP client use 
preemptive-authentication (works only w/ BASIC) or not. | `false` | yes
 `aether.connector.http.retryHandler.count` | int | The maximum number of times 
a request to a remote HTTP server should be retried in case of an error. | `3` 
| yes
 `aether.connector.https.cipherSuites` | String | Comma-separated list of 
[Cipher 
Suites](https://docs.oracle.com/javase/7/docs/technotes/guides/security/StandardNames.html#ciphersuites)
 which are enabled for HTTPS connections. | - (no restriction) | no
+`aether.connector.https.securityMode` | String | Using this flag resolver may 
set the "security mode" of HTTPS connector. Any other mode than 'default' is 
NOT MEANT for production, as it is inherently not secure. Accepted values: 
"default", "insecure" (ignore any kind of certificate validation errors and 
hostname validation checks). | `"default"` | yes

Review Comment:
   This desc does not correspond to the actual code. There are three cases, you 
have covered only two. You miss to cover valid before and valid after, means 
cert not yet valid or expired.





> The transport-http should be able to ignore cert errors
> -------------------------------------------------------
>
>                 Key: MRESOLVER-328
>                 URL: https://issues.apache.org/jira/browse/MRESOLVER-328
>             Project: Maven Resolver
>          Issue Type: Improvement
>          Components: Resolver
>            Reporter: Tamas Cservenak
>            Assignee: Tamas Cservenak
>            Priority: Major
>             Fix For: 1.9.6
>
>
> Like an "unsafe" or "insecure" SSL mode.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to