ningyougang commented on issue #2517: Support client certificate verify on server side URL: https://github.com/apache/incubator-openwhisk/pull/2517#issuecomment-323979330 @rabbah I added a temp commit on this pr to `turn on the client certificate auth` to run all test cases, the travis-ci running result is failed, i will check it. PS: currently, i turn on the `client certificate auth` using below configuration: ``` nginx.ssl.verify_client: "{{ nginx_ssl_verify_client | default('optional') }}" ``` Why i use `optional` instead of `on` temporarily? because currently `ansible version:2.3.0.0`'s `get_url` module doesn't support passing client cert/key file. so if use `on`, the `download CLI ansible task will be failed`: https://github.com/apache/incubator-openwhisk/blob/master/ansible/roles/cli/tasks/download_cli.yml#L5 if use `optional`, it will ignore the client cert/key file verification when cert/file don't exist. but this has a good news that `ansible version:2.4.0.0` will support it. please refer to: https://github.com/ansible/ansible/pull/18141 if `ansible version:2.4.0.0` is released , we can use `on` instead of `optional` ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected]
With regards, Apache Git Services
