ssl.ca_certs should be supported in authentication.conf
Bug #924220 reported by
Vincent Ladeuil
This bug affects 14 people
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Bazaar |
Confirmed
|
Medium
|
Unassigned | ||
| Breezy |
Triaged
|
Medium
|
Unassigned | ||
Bug Description
We currently handle ssl cert verification via two options that are only queried from bazaar.conf.
That makes 'optional' for ssl.ca_certs = 'optional' complex to support.
Having the ability to specify these options in authentication.conf per-host will allow one to disable the verification for hosts that don't provide certificates which is what 'optional' is about (it makes little sense to check that ssl.ca_certs is a valid path if we don't intent to verify the host certificate anyway).
| tags: | added: check-for-breezy |
| tags: |
added: ssl removed: check-for-breezy |
| Changed in brz: | |
| status: | New → Triaged |
| importance: | Undecided → Medium |
To post a comment you must log in.
This will also allow to support self-signed certificates more easily by allowing ssl.ca_certs to point to the server certificate.