On 06/01/2016 05:45 PM, William A Rowe Jr wrote: > > > On Wed, Jun 1, 2016 at 9:46 AM, Ruediger Pluem <rpl...@apache.org > <mailto:rpl...@apache.org>> wrote: > > > > On 06/01/2016 04:19 PM, William A Rowe Jr wrote: > > Correcting one typo, below... > > > > On Wed, Jun 1, 2016 at 9:19 AM, William A Rowe Jr <wr...@rowe-clan.net > <mailto:wr...@rowe-clan.net> <mailto:wr...@rowe-clan.net > <mailto:wr...@rowe-clan.net>>> wrote: > > > > > > Proposal... > > > > CheckPeerName CheckPeerCN > > unset | on unset | on CheckPeerName verification > > off on *CheckPeerCN* verification > > off unset | off no verification > > unset | off off no verification > > > > WDYT? > > > > > > > > In general yes plus > > CheckPeerName CheckPeerCN > on unset | off CheckPeerName verification > > > What about one more exceptional case... where the > > CheckPeerCN On > > is the only directive? Do we still want to enable CheckPeerName by default? > > CheckPeerName CheckPeerCN > on {ignored} CheckPeerName verification > unset unset CheckPeerName verification > unset on CheckPeerName or CheckPeerCN verification?
I think CheckPeerName is ok in this case. > unset off no verification > off on *CheckPeerCN* verification > off unset | off no verification > > Because CheckPeerName is a superset of the CheckPeerCN functionality, > I don't think there is any harm is using CheckPeerName in this case. > > Regards RĂ¼diger
