Better document the intent of the insecure SSL setting

This commit is contained in:
Daniel Wagner-Hall 2015-09-09 13:26:23 +01:00
parent 6485f03d91
commit ddfe30ba83
1 changed files with 6 additions and 2 deletions

View File

@ -42,9 +42,13 @@ class TlsConfig(Config):
config.get("tls_dh_params_path"), "tls_dh_params" config.get("tls_dh_params_path"), "tls_dh_params"
) )
# This config option applies to non-federation HTTP clients
# (e.g. for talking to recaptcha, identity servers, and such)
# It should never be used in production, and is intended for
# use only when running tests.
self.use_insecure_ssl_client = config.get( self.use_insecure_ssl_client = config.get(
"i_really_want_to_ignore_ssl_certs_when_i_am_an_http_client_even_" "i_really_want_to_ignore_ssl_certs_when_i_am_an_https_client_even_"
"though_it_is_woefully_insecure_because_i_hate_my_users", False) "though_it_is_woefully_insecure_because_i_am_testing_i_promise", False)
def default_config(self, config_dir_path, server_name): def default_config(self, config_dir_path, server_name):
base_key_name = os.path.join(config_dir_path, server_name) base_key_name = os.path.join(config_dir_path, server_name)