Posted to dev@couchdb.apache.org by "Adam Kocoloski (JIRA)" <ji...@apache.org> on 2010/07/29 02:00:17 UTC

[jira] Created: (COUCHDB-840) be more relaxed about verifying SSL certificate chains

be more relaxed about verifying SSL certificate chains
------------------------------------------------------

                 Key: COUCHDB-840
                 URL: https://issues.apache.org/jira/browse/COUCHDB-840
             Project: CouchDB
          Issue Type: Improvement
    Affects Versions: 1.0
            Reporter: Adam Kocoloski
             Fix For: 1.0.1


The new Erlang SSL implementation (which we use to consume _changes) has a default verification depth of 1.  This causes pull replication from an SSL-wrapped server to fail if the server has an intermediate certificate in its chain.  Intermediate certificates are pretty common especially at the cheaper end, e.g. GoDaddy certs.  OpenSSL uses a default depth of 9; I think we should do the same.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
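
An added example, not part of the original message or of the attached patch: a small Erlang probe that finds the lowest `depth` at which a peer-verified handshake to a replication source succeeds, which confirms whether the chain-depth limit is what breaks the connection. The module name, function names and the CA bundle path passed in are assumptions; the upper bound of 9 is the OpenSSL default cited in the issue.

```erlang
%% Added illustration; module and function names are hypothetical.
-module(depth_probe).
-export([min_depth/3, client_opts/2]).

-define(MAX_DEPTH, 9).      % OpenSSL default cited in the issue
-define(TIMEOUT_MS, 5000).

%% TLS client options: peer verification stays on, only the allowed
%% chain depth changes between attempts.
client_opts(CACertFile, Depth) ->
    [{verify, verify_peer},
     {cacertfile, CACertFile},   % assumed path to a PEM bundle of trusted roots
     {depth, Depth}].

%% Returns {ok, Depth} for the first depth in 0..9 that lets the handshake
%% complete, or {error, [{Depth, Reason}]} listing why each attempt failed.
min_depth(Host, Port, CACertFile) ->
    {ok, _} = application:ensure_all_started(ssl),
    probe(Host, Port, CACertFile, 0, []).

probe(_Host, _Port, _CACertFile, Depth, Errors) when Depth > ?MAX_DEPTH ->
    {error, lists:reverse(Errors)};
probe(Host, Port, CACertFile, Depth, Errors) ->
    Opts = client_opts(CACertFile, Depth),
    case ssl:connect(Host, Port, Opts, ?TIMEOUT_MS) of
        {ok, Socket} ->
            ok = ssl:close(Socket),
            {ok, Depth};
        {error, {tls_alert, _} = Reason} ->
            %% Certificate-path failures surface as TLS alerts: retry deeper.
            probe(Host, Port, CACertFile, Depth + 1, [{Depth, Reason} | Errors]);
        {error, Reason} ->
            %% Network or option errors do not depend on depth: stop here.
            {error, lists:reverse([{Depth, Reason} | Errors])}
    end.
```

A result of `{error, ...}` with TLS alerts at every depth points to a trust problem other than chain length, such as a root missing from the CA bundle, and raising `depth` will not fix it.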


[jira] Updated: (COUCHDB-840) be more relaxed about verifying SSL certificate chains

Posted by "Adam Kocoloski (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/COUCHDB-840?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Adam Kocoloski updated COUCHDB-840:
-----------------------------------

    Attachment: COUCHDB-840.patch

a very simple patch against 1.0.x


[jira] Resolved: (COUCHDB-840) be more relaxed about verifying SSL certificate chains

Posted by "Adam Kocoloski (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/COUCHDB-840?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Adam Kocoloski resolved COUCHDB-840.
------------------------------------

    Resolution: Fixed
