Github user zwoop commented on the pull request:
https://github.com/apache/trafficserver/pull/254#issuecomment-122645818
I have a few concerns with the code here actually. In general, we want more
configurations overridable, including cache configurations and network
configurations. I tried this once before, and it got -1'd for other reasons
(cache clustering). What I'm asking for is, is there some better way we can
convey the entire "oride" object back to other areas of the system, such as the
network layers and cache layers ? It wouldn't be particular efficient to do
many of these "special cases" going forward.
Also, there's some legitimate concerns here re: this being a generally good
idea, or a fix for an organizational issue. I'll have to noodle on that a bit
more (my gut tells me, if you want to enable cert verification for one set of
servers, is it that much more work to do it for all servers?).
That much said, a few comments on the patch itself:
1) I think ssl_client_verify_server should be a MgmtByte, moved up to the
section of those (to avoid padding), and of course use
HttpEstablishStaticConfigByte() to for loading.
2) I don't think this patch was run through clang-format, the indentation
doesn't look right.
3) Similarly to 1), but on line 1062 in HttpSM, we introduce two "empty"
lines, with 2 white spaces?
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at [email protected] or file a JIRA ticket
with INFRA.
---
