On 31.01.2014 17:36, James Peach wrote:
> On Jan 31, 2014, at 8:32 AM, Reindl Harald <[email protected]> wrote:
>
>> On 31.01.2014 17:24, James Peach wrote:
>>> On Jan 31, 2014, at 4:52 AM, Reindl Harald <[email protected]> wrote:
>>>
>>>> one small issue with ssl-certs:
>>>> they must be readable by the ats-user
>>>>
>>>> httpd reads them at startup before downgrade uid/gid
>>>> the benefit is that they can have chmod 400 and owned by root
>>>> in case of a security relevant bug that may prevent leaks
>>>
>>> https://issues.apache.org/jira/browse/TS-2353
>>> https://issues.apache.org/jira/browse/TS-612
>>>
>>> Ron Barber has been working on this for 4.2 and I expect that we will land
>>> these changes soon. In the longer term I'd like to support the Linux
>>> kernel key management API, which I believe will give you better options for
>>> controlling access to keys.
>>
>> have i said often enough "thank you" for such a responsible upstream project
>> like ATS?
>
> Full marks to the Yahoo engineers, who have been driving the SSL improvements
> in 4.2. SSL support was formerly somewhat neglected so it's very timely and
> appreciated work :)

so special thanks to the Yahoo engineers, nice to see that they still work on
ATS, which is not self-evident when making software open source and placing it
under the hood of the ASF
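
The load-then-drop pattern raised in the quoted thread (key file closed to group and others, read before the uid/gid downgrade), as an added example that is not part of the original messages and is not ATS or httpd code. The helper name `load_key_then_drop`, the file name `server.key` and the uid/gid 65534 are assumptions made for illustration.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1          /* exposes setgroups() on glibc */
#endif
#include <fcntl.h>
#include <grp.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: read the key at `path` into `buf` while still
 * privileged, then switch permanently to run_uid/run_gid.
 * Returns the number of bytes read, or -1 on any failure. */
ssize_t load_key_then_drop(const char *path, uid_t run_uid, gid_t run_gid,
                           char *buf, size_t cap)
{
    struct stat st;
    ssize_t n = -1;
    int fd = open(path, O_RDONLY);
    if (fd < 0)
        return -1;
    /* Refuse a key that group or others can touch (looser than 0600). */
    if (fstat(fd, &st) == 0 && S_ISREG(st.st_mode) && (st.st_mode & 077) == 0)
        n = read(fd, buf, cap);    /* key files are small: one read suffices */
    close(fd);                     /* no descriptor to the key survives the drop */
    if (n < 0)
        return -1;

    /* Order matters: supplementary groups, then gid, and uid last.
     * Only a root process that really switches user has groups to shed. */
    if (geteuid() == 0 && run_uid != 0 && setgroups(0, NULL) != 0)
        return -1;
    if (setgid(run_gid) != 0 || setuid(run_uid) != 0)
        return -1;
    /* The drop must be irreversible: regaining root has to fail. */
    if (run_uid != 0 && setuid(0) == 0)
        return -1;
    return n;
}

int main(int argc, char **argv)
{
    char key[8192];
    /* Assumed values: 65534 is "nobody" on many Linux systems. */
    const char *path = argc > 1 ? argv[1] : "server.key";
    return load_key_then_drop(path, 65534, 65534, key, sizeof key) < 0;
}
```

Started as root against a root-owned mode 400 key, the process ends up holding the key bytes in memory while the unprivileged uid it runs under can no longer open the file.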
