[
https://issues.apache.org/jira/browse/TS-3746?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14632583#comment-14632583
]
ASF GitHub Bot commented on TS-3746:
------------------------------------
Github user shinrich commented on the pull request:
https://github.com/apache/trafficserver/pull/254#issuecomment-122588703
Yes, you could write a confusing policy via the remap rules. You could
have remap rules for two different URLs on the same host with different
override values. And as you indicate if session sharing is enabled, you could
reuse a server connection that was verified which the matching remap rule
indicated that it shouldn't have been (or vice versa).
That would be a fairly odd use case. Since this is a per-origin feature,
one would think that you would set the override variables consistently across
the origin. You could also write an arbitrary plugin to set the override
variable however you like.
I'm open to suggestions for other configuration options to enable origin
granularity when controlling the proxy.config.ssl.client.verify.server feature.
> We need to make proxy.config.ssl.client.verify.server overridable
> -----------------------------------------------------------------
>
> Key: TS-3746
> URL: https://issues.apache.org/jira/browse/TS-3746
> Project: Traffic Server
> Issue Type: New Feature
> Components: Configuration
> Reporter: Syeda Persia Aziz
> Assignee: Dave Thompson
> Labels: Yahoo
> Fix For: sometime
>
>
> We need to make proxy.config.ssl.client.verify.server overridable. Some
> origin servers need validation to avoid MITM attacks while others don't.
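A check for the inconsistent-policy case described in the comment above, as an added example that is not part of the thread or the Traffic Server code base: it scans remap.config text for a TLS origin whose rules give proxy.config.ssl.client.verify.server different values. It assumes the setting becomes overridable as this issue proposes and is set per rule through conf_remap.so; the sample rules, hostnames and the host-and-port grouping are constructed for illustration.

```python
from collections import defaultdict
from urllib.parse import urlsplit

SETTING = "proxy.config.ssl.client.verify.server"
GLOBAL = "<records.config>"  # rule sets no override, so the global value applies

# Constructed sample remap.config; hostnames are placeholders.
SAMPLE = """\
# two paths on one origin, verification overridden differently
map https://www.example.com/api/ https://origin.example.net/api/ @plugin=conf_remap.so @pparam=proxy.config.ssl.client.verify.server=1
map https://www.example.com/img/ https://origin.example.net/img/ @plugin=conf_remap.so @pparam=proxy.config.ssl.client.verify.server=0
map https://www.example.com/old/ https://old.example.net/
map https://static.example.com/ https://cdn.example.net/ @plugin=conf_remap.so @pparam=proxy.config.ssl.client.verify.server=1
"""


def origin_key(url):
    """Group rules by origin host and port (this grouping is an assumption)."""
    parts = urlsplit(url)
    return (parts.hostname or "").lower(), parts.port or 443


def verify_override(options):
    """Value a rule's conf_remap.so parameters give SETTING, else GLOBAL."""
    value, plugin = GLOBAL, ""
    for opt in options:
        if opt.startswith("@plugin="):
            plugin = opt[len("@plugin="):]
        elif plugin.endswith("conf_remap.so") and opt.startswith(f"@pparam={SETTING}="):
            value = opt.rsplit("=", 1)[1]
    return value


def inconsistent_origins(remap_text):
    """Map each https origin with conflicting values to {value: [line numbers]}."""
    seen = defaultdict(lambda: defaultdict(list))
    for lineno, line in enumerate(remap_text.splitlines(), 1):
        tokens = line.split()
        if len(tokens) < 3 or tokens[0] not in ("map", "map_with_recv_port"):
            continue  # comments, blanks and rule types not handled here
        if urlsplit(tokens[2]).scheme != "https":
            continue  # server certificate verification only applies to TLS origins
        seen[origin_key(tokens[2])][verify_override(tokens[3:])].append(lineno)
    return {o: dict(v) for o, v in seen.items() if len(v) > 1}


if __name__ == "__main__":
    for origin, values in inconsistent_origins(SAMPLE).items():
        print(origin, values)
```

A rule with no override is reported as conflicting with an explicit one on the same origin, since its effective value depends on the global setting.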