Closed Bug 510934 Opened 15 years ago Closed 15 years ago

Split SSL backends between anonymous and client-cert

Categories

(Mozilla Messaging Graveyard :: Server Operations, defect)

Product:
Mozilla Messaging Graveyard
Component:
Server Operations
Platform:
x86
Linux
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: gozer, Assigned: gozer)

Details

Right now, all https://*.momo.com goes thru the same SSL backend, which has client certs authentication enabled, but optionnal.

That needs to be split up in 2 separate backends, so it's not optionnal, but required where it's needed.

Possibly, split them in 3, anon/optionnal/required, but don't keep them the same.

This bit me once I installed my client cert in thunderbird, and all of a sudden, AUS pings prompted me for my client cert.
DNS finally propagated all over, done.

# Never ask for client certs
$> host aus.mozillamessaging.com
aus.mozillamessaging.com is an alias for production.mozillamessaging.com.

# Accept client certs optionally
$> host build.mozillamessaging.com
build.mozillamessaging.com is an alias for ssl-opt-production.mozillamessaging.com.

# Require client certs
$> host buildbot-admin.mozillamessaging.com
buildbot-admin.mozillamessaging.com is an alias for ssl-cert-production.mozillamessaging.com.
Status: NEW → RESOLVED
Closed: 15 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.