Commit 17325dc0 authored by Committed by Vincent Pelletier
all: Make caucased https certificate independent from CAS.
This is a step in the direction of being browser-friendly: if caucased https certificate is issued by CAS CA, then for a browser to trust that certificate it would have to trust all certificates emitted by CAS CA certificate. This would be very dangerous, as CAS CA does not constrain the certificates it may sign, so it exposes users of that caucased to rogue certificates. Alone, this step is insufficient, as the new internal "http_cas" does not constrain certificates yet. This will happen in a separate commit, to ease review and regression testing. As a consequence of this step, by default client will not check server certificate in https. This is consistent with how trust is bootstrapped with plain http: maybe client is accessing an unexpected/malicious caucased, but in such case issued certificates will be worthless to a party which could access the correct caucased. Also, the client certificate presented to caucased does not allow that caucased to fake being that user, so there is no privilege escalation possible for server.
Showing with 143 additions and 39 deletions