Re: SSL

[Jan-Henrik Haukeland]

Christian Hopp <address@hidden> writes:

> > > What do you think... should I commit?
> >
> > I'm not sure I got all that. Do you mean that monit should only accept
> > connections to its http server if the client sends a valid ca signed
> > certificate? I'm not sure, maybe, probably. The safest is to leave it
> > as a monitrc configure option. (Since not all have a CA signed cert
> > and will have to make up their own it could be a problem for a monit
> > client to speak with a monit daemon over SSL to get status and such)
> >
> 
> This only happens if you turn on client pem files.  If not monit
> does not need any client side certificates. 

I'm nitpicking but you do need a client and server cert for
encryption/decryption in a secure client/server SSL communication. But
maybe if no client pem files exist a monit client is using the same
cert as the monit daemon? (I have to read up on your new SSL code to
get this :)


> I can put a statement like "allowselfcertification" (or what ever
> term) to allow self certified certificates.

Sounds good

> Anyways, somebody should tidy up the "set httpd" statement.  Because
> everything is right now order dependent. )-: Unfortunatly I go on
> vacation for the next week, if please somebody else could do me the
> favor of tiding it up. (-:

Do not be suprised if it's fixed when you get back. Have a nice
vacation and take it easy with that karate stuff :-)

-- 
Jan-Henrik Haukeland