
D8627.diff


diff --git a/src/docs/user/configuration/troubleshooting_https.diviner b/src/docs/user/configuration/troubleshooting_https.diviner
--- a/src/docs/user/configuration/troubleshooting_https.diviner
+++ b/src/docs/user/configuration/troubleshooting_https.diviner
@@ -29,13 +29,18 @@
called "man in the middle"). Normally, you purchase a certificate from a known
authority and clients have a list of trusted authorities.
-You can self-sign a certificate by creating your own CA, but clients will not trust it by default. They need to add the CA as a trusted authority.
+You can self-sign a certificate by creating your own CA, but clients will not
+trust it by default. They need to add the CA as a trusted authority.
For instructions on adding CAs, see `libphutil/resources/ssl/README`.
-Although it is possible to accept certificates that aren't signed by trusted
-CAs, this is not currently supported because it compromises the ability of SSL
-to protect the connection against eavesdropping.
+If you'd prefer that `arc` not verify the identity of the server whatsoever, you
+can use the `https.blindly-trust-domains` setting. This will make it
+dramatically easier for adversaries to perform certain types of attacks, and is
+**strongly discouraged**:
+
+ $ arc set-config https.blindly-trust-domains '["example.com"]'
+
= Domain Problems =
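Review bot: The new paragraph's warning, "This will make it dramatically easier for adversaries to perform certain types of attacks", is vaguer than the text it removes, which said plainly that accepting certificates not signed by trusted CAs compromises the ability of SSL to protect the connection against eavesdropping. Suggest naming the risk with the term this section already introduces ("man in the middle") and stating that for each listed domain `arc` does not verify the server's identity at all, so whoever answers the connection can read or alter what is sent over it. It would also help to point readers back to the trusted-CA route (`libphutil/resources/ssl/README`) as the preferred fix for self-signed certificates, and to document whether an entry matches only the exact host, since the example `'["example.com"]'` does not make that clear.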
@@ -71,4 +76,5 @@
is an Apache server that does not explicitly name the Phabricator domain as a
valid VirtualHost.
-This error occurs only for some versions of the OpenSSL client library (from v0.9.8r or earlier until 1.0.0), so only some users may experience it.
+This error occurs only for some versions of the OpenSSL client library
+(from v0.9.8r or earlier until 1.0.0), so only some users may experience it.
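Review bot: In the rewrapped sentence, the range "(from v0.9.8r or earlier until 1.0.0)" is ambiguous: "v0.9.8r or earlier" gives no lower bound, "until 1.0.0" does not say whether 1.0.0 itself is affected, and only one of the two versions carries the "v" prefix. Since the line is being touched anyway, consider stating the affected range with explicit inclusive or exclusive bounds so users can check their OpenSSL client version against it.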

File Metadata

Mime Type: text/plain
Expires: Mon, Oct 28, 1:44 AM (2 w, 1 d ago)
Storage Engine: blob
Storage Format: Encrypted (AES-256-CBC)
Storage Handle: 6712064
Default Alt Text: D8627.diff (1 KB)
