[Devel] changes for TLS
Klaus Darilion
klaus.mailinglists at pernau.at
Fri Oct 28 23:09:46 CEST 2005
Cesc wrote:
> I am not sure for openser, but in ser, disable_tls is only defined if
> compiled with TLS=1 ... thus, if you add disable_tls=1 to the config,
> compile without TLS (or TLS=0) ... the config won't even load.
> Again, this may not be true for openser ...
This is why the default is changed to 1.
the default config has no tls_disable paramter. Thus non-tls-openser works.
If TLS support is compiled, the default is set to 1, which means TLS is
disabled with the default config (as there is no parameter).
regards
klaus
>
> Cesc
>
>
> On 10/28/05, *Klaus Darilion* <klaus.mailinglists at pernau.at
> <mailto:klaus.mailinglists at pernau.at>> wrote:
>
> Hi!
>
> I suggest the default values of disable_tls should be 1
> This allows using a TLS enabled openser with the normal config.
>
> Further, we should make an openser.cfg for the TLS version with these
> modifications:
>
> # uncomment the following lines for TLS support
> #disable_tls=0
> #tls_verify=1
> #tls_require_certificate=0
> #tls_method=TLSv1
> #tls_certificate= "/etc/openser/cert.pem"
> #tls_private_key= "/etc/openser/privkey.pem"
> #tls_ca_list= "/etc/openser/calist.pem"
>
>
> any comments? otherwise I will change it.
>
> regards
> klaus
>
> _______________________________________________
> Devel mailing list
> Devel at openser.org <mailto:Devel at openser.org>
> http://openser.org/cgi-bin/mailman/listinfo/devel
>
>
More information about the Devel
mailing list