Open rsutphin opened 11 years ago
Proposal:
Aker.configure do
cas_parameters :ssl => { :verify_mode => OpenSSL::SSL::VERIFY_PEER, :ca_file => some_file }
...
end
We could also do
Aker.configure do
ssl_parameters :verify_mode => OpenSSL::SSL::VERIFY_PEER, :ca_file => some_file #, ...
...
end
and just let whatever authorities/modes need an SSL context use it, but that may be assuming too much about the uniformity of SSL deployments.
but that may be assuming too much about the uniformity of SSL deployments
I had the same thought — we'd want to make it overrideable per authority, so at best we'd need to support both. I say just do the cas_parameters
one for now. If an app needs to share the parameters between two different authorities (or whatever), it can just do:
ssl_opts = { ... }
Aker.configure do
cas_parameters :ssl => ssl_opts
whatever_parameters :ssl_context => ssl_opts
end
The CAS authority needs to communicate with CAS servers which are generally SSL-protected. Provide a mechanism where Aker's CAS authority can be configured with: