[
https://issues.apache.org/jira/browse/TS-3746?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14632626#comment-14632626
]
ASF GitHub Bot commented on TS-3746:
------------------------------------
Github user SolidWallOfCode commented on the pull request:
https://github.com/apache/trafficserver/pull/254#issuecomment-122602554
Whether the verification is per origin is up to the administrator, via his
configuration. The remap issue is a distraction, since the underlying issue is
plugin control of the verification on a per transaction basis. There seems to
be some confusion that this is specific to remap, which is not the case. It is
only the Yahoo! use case does this through remap.
I don't see how this argument doesn't apply to something like keep alive,
since it is also overrideable and could be set inconsistently via remap
configuration. Do you really want to rule out any such value that could
potentially cause problems if set via remap?
> We need to make proxy.config.ssl.client.verify.server overridable
> -----------------------------------------------------------------
>
> Key: TS-3746
> URL: https://issues.apache.org/jira/browse/TS-3746
> Project: Traffic Server
> Issue Type: New Feature
> Components: Configuration
> Reporter: Syeda Persia Aziz
> Assignee: Dave Thompson
> Labels: Yahoo
> Fix For: sometime
>
>
> We need to make proxy.config.ssl.client.verify.server overridable. Some
> origin servers need validation to avoid MITM attacks while others don't.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
