Am 05.03.15 um 09:13 schrieb Pascal Mainini: > Dear Felix-developers > > a few weeks ago, I have submitted a proposal for a patch[1] enabling the > Felix HTTP/Jetty-service to accept any client certificate without doing > further validation of it. The need for it arises in a project I am part > of and is mainly due to the usecase of enabling authentication using > WebID[2]. > > After a few initial comments, things - as far as I can see - got quiet, > so I decided to bring the issue to this mailinglist - I hope this is the > appropriate place. > > Maybe you can give me an update about the current state/processes or > tell me if I need to go into more details etc. > Hi,
as noted in the issue this is a very dangerous setting - it might be ok in your use case, but in general you definitely don't want to do this. Therefore I'm a little bit reluctant to add such a general setting. I like the idea from Reto to make this pluggable via a service. In this case you can still provide your own implementation but for everyone else it gets harder to shoot themselves in the foot. Carsten -- Carsten Ziegeler Adobe Research Switzerland cziege...@apache.org