[GitHub] [couchdb] rnewson commented on pull request #4575: TLS: add {verify, verify_peer} to enable verification for OTP 26

["rnewson (via GitHub)" <gi...@apache.org>]

rnewson commented on PR #4575:
URL: https://github.com/apache/couchdb/pull/4575#issuecomment-1554197964

   I agree with nick. The value of `--generate-tls-dev-cert` is to demonstrate how to correctly set up a couchdb cluster with TLS for the erlang distribution protocol as much as possible. So the nodes should mutually authenticate each other. The nodes will need a certificate each (with their erlang node name as the Common Name attribute), etc. The only difference between what we do here and a real setup should be the node certificates and the CA that signed them.
   
   I've also suggested elsewhere to move the logic from configure to dev/run as we only know the number of nodes at dev/run time. With that done it will be possible to automatically add the correct arguments to `vm.args` for each node, like we currently do to add the individual node names.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@couchdb.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org