tech-userlevel archive


[Christos Zoulas] CVS commit: src/usr.bin/ftp

Did I miss discussion on this?  I am getting the impression that we now
have defaults:
  no trust anchors installed
  require verification

which really doesn't make sense.  If I am following correctly this is a
major behavior change in a controversial area, which isn't ok without

Plus, this is a negative option, usually frowned upon.

So (absent confusion on my part, as always), it sounds like one of the
following should happen:

  1) just revert this until we have discussion
  2) change the environment variable to CERTIFICATE_VALIDATION to use the
     term from the RFC and default to FALSE, enabling if set and TRUE.

If at some point the system installs trust anchors by default, the
default can change.

Plus, I think it's reasonable to have some config file in /etc/openssl
that signals "user has configured trust anchors and wishes to routinely
validate certificates".  The existence of /etc/openssl/VALIDATE might be
a good trigger for validation, or some other color file.  That would
mean that the code, running on a system with old config, would not be
surprising.  Using this file now in option 2 instead of an environment
variable seems fine.

--- Begin Message ---
Module Name:	src
Committed By:	christos
Date:		Tue Aug 30 08:51:28 UTC 2022

Modified Files:
	src/usr.bin/ftp: ftp.1 ssl.c

Log Message:
Add cert verification, together with an environment variable "NO_CERT_VERIFY",
to turn it off.

To generate a diff of this commit:
cvs rdiff -u -r1.146 -r1.147 src/usr.bin/ftp/ftp.1
cvs rdiff -u -r1.10 -r1.11 src/usr.bin/ftp/ssl.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

--- End Message ---
