You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@maven.apache.org by GitBox <gi...@apache.org> on 2020/03/29 12:19:35 UTC
[GitHub] [maven-wagon] michael-o commented on a change in pull request #64:
WAGON-585 maven.wagon.http.ssl features documentation is incomplete
michael-o commented on a change in pull request #64: WAGON-585 maven.wagon.http.ssl features documentation is incomplete
URL: https://github.com/apache/maven-wagon/pull/64#discussion_r399788388
##########
File path: wagon-providers/wagon-http/src/site/apt/index.apt
##########
@@ -50,11 +50,11 @@ Features
Other features can be configured through system properties:
- * <<<maven.wagon.http.ssl.insecure>>> = true/false (default false), enable/disable use of relaxed ssl check for user generated certificates.
+ * <<<maven.wagon.http.ssl.insecure>>> = true/false (default false), enable/disable relaxed check of public key certificates (e.g. self-signed ones). Relaxed check means that any chain with 1 or more certificates will be considered valid if all the certificate dates in the chain are valid (dates check can be overridden as well - see below). Setting it to <<<true>>> also enables usage of the following properties:
- * <<<maven.wagon.http.ssl.allowall>>> = true/false (default false), enable/disable match of the server's X.509 certificate with hostname. If disabled, a browser like check will be used.
+ * <<<maven.wagon.http.ssl.allowall>>> = true/false (default false), enable/disable match of the server's X.509 certificate with hostname. If <<<false>>>/unset, a "browser-like check" will be used, which means that the hostname must match either the first CN, or any of the subject-alts. A wildcard can occur in the CN, and in any of the subject-alts.
Review comment:
Browsers are moving fast and that has nothing to do with browsers, but is a RFC 5280 requirement. Let's throw "browsers" out.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services