The message about the security of the ssl overrides is overly alarmist.
The only ssl- options that cause security problems in the servers config
file are the ssl-ignore ones.
I, personally, think that global CAs are next to useless, so specifying
your own allowed certificate list, or your own allowed CA is fine, and
doesn't decrease security at all. And specifying a client certificate
_certainly_ doesn't decrease security.
Attached is a patch that fixes the wording.
Have fun (if at all possible),
--
The best we can hope for concerning the people at large is that they
be properly armed. -- Alexander Hamilton
-- Eric Hopper (hopper_at_omnifarious.org http://www.omnifarious.org/~hopper)=
--
--=-hLqqT+CS34vkHL6NmsgF
Content-Type: application/pgp-signature; name=signature.asc
Content-Description: This is a digitally signed message part
-----BEGIN PGP MESSAGE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iD8DBQA+00W8jtsvlOwvazYRAmwqAJ4hhmmjztNjdI7glFbveWgMHSo//ACg05Lx
xHvEEkl8uK2lLwKuI3IHwqA=
=vs8l
-----END PGP MESSAGE-----
--=-hLqqT+CS34vkHL6NmsgF--
- text/x-patch attachment: stored
Received on Tue May 27 13:04:03 2003