-
Notifications
You must be signed in to change notification settings - Fork 80
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
nsDS5ReplicaTransportInfo: should accept StartTLS as an option #2168
Comments
Comment from firstyear (@Firstyear) at 2017-02-11 23:02:46 Metadata Update from @Firstyear:
|
Comment from firstyear (@Firstyear) at 2017-05-08 01:47:46 Metadata Update from @Firstyear:
|
Comment from mreynolds (@mreynolds389) at 2017-07-05 17:58:10 Metadata Update from @mreynolds389:
|
Comment from spichugi (@droideck) at 2018-03-11 10:42:23 Metadata Update from @droideck:
|
Comment from spichugi (@droideck) at 2018-03-12 17:43:49 It is not difficult to fix and I've already started to go through the code and check the places with SSL and StartTLS. But I think we need to discuss how we want to proceed here. We have two options, at least:
I think the second options is smoother. |
Comment from spichugi (@droideck) at 2018-03-12 17:43:50 Metadata Update from @droideck:
|
Comment from mreynolds (@mreynolds389) at 2018-03-12 17:51:55 I prefer option two. We should be backwards compatible with older versions of DS. We should not have an upgrade script to change the existing agreements because if the customer needs to downgrade it will break those repl agmts. |
Comment from firstyear (@Firstyear) at 2018-03-13 00:57:49 @mreynolds389 We have a lot of things that fail on downgrade. TBH I think it's a bit of a high expectation to expect that downgrade will work when we add config parameters, add plugins, change defaults and more. Some things are easier than others to manage, but downgrades are an extreme case, and in a downgrade case you ALWAYS should be restoring your dse.ldif from a backup. So I think that I would support option 2, with the migration to change the values, but I'd rather them be clearer. Right now we have a protocol AND a uri scheme. I think it would be better as:
As the options. These clearly communicate what we are doing. |
Comment from spichugi (@droideck) at 2018-04-18 17:02:21 |
Comment from spichugi (@droideck) at 2018-04-18 17:02:33 Metadata Update from @droideck:
|
Cloned from Pagure issue: https://pagure.io/389-ds-base/issue/49109
nsDS5ReplicaTransportInfo SSL vs TLS is not really clear, given that most libraries now support TLS as the default "SSL".
We should make this clear in nsDS5ReplicaTransportInfo by allowing:
Options. So that it's really clear what you are asking for when you configure it.
The text was updated successfully, but these errors were encountered: