[
https://issues.apache.org/jira/browse/MRESOLVER-328?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17694935#comment-17694935
]
ASF GitHub Bot commented on MRESOLVER-328:
------------------------------------------
cstamas commented on code in PR #255:
URL: https://github.com/apache/maven-resolver/pull/255#discussion_r1121364807
##########
src/site/markdown/configuration.md:
##########
@@ -40,6 +40,7 @@ Option | Type | Description | Default Value | Supports Repo
ID Suffix
`aether.connector.http.preemptiveAuth` | boolean | Should HTTP client use
preemptive-authentication (works only w/ BASIC) or not. | `false` | yes
`aether.connector.http.retryHandler.count` | int | The maximum number of times
a request to a remote HTTP server should be retried in case of an error. | `3`
| yes
`aether.connector.https.cipherSuites` | String | Comma-separated list of
[Cipher
Suites](https://docs.oracle.com/javase/7/docs/technotes/guides/security/StandardNames.html#ciphersuites)
which are enabled for HTTPS connections. | - (no restriction) | no
+`aether.connector.https.securityMode` | String | Using this flag resolver may
set the "security mode" of HTTPS connector. Any other mode than 'default' is
NOT MEANT for production, as it is inherently not secure. Accepted values:
"default", "insecure" (ignore any kind of certificate validation errors and
hostname validation checks). | `"default"` | yes
Review Comment:
W00t? There are two cases covered in code (everything else throws), and also
in doco. What are you talking about exactly?
> The transport-http should be able to ignore cert errors
> -------------------------------------------------------
>
> Key: MRESOLVER-328
> URL: https://issues.apache.org/jira/browse/MRESOLVER-328
> Project: Maven Resolver
> Issue Type: Improvement
> Components: Resolver
> Reporter: Tamas Cservenak
> Assignee: Tamas Cservenak
> Priority: Major
> Fix For: 1.9.6
>
>
> Like an "unsafe" or "insecure" SSL mode.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
