recaptime.dev / phorge
@recaptime-dev's working patches + fork for Phorge, a community fork of Phabricator. (Upstream dev and stable branches are at upstream/main and upstream/stable respectively.) hq.recaptime.dev/wiki/Phorge
phorge phabricator
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

Update HTTPS docs for `https.blindly-trust-domains`

Summary: The doc is no longer entirely accurate.

Test Plan: Reading.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Differential Revision: https://secure.phabricator.com/D8627

epriestley 6324eff8 c3146abc

+11 -5
+11 -5
src/docs/user/configuration/troubleshooting_https.diviner
··· 29 29 called "man in the middle"). Normally, you purchase a certificate from a known 30 30 authority and clients have a list of trusted authorities. 31 31 32 - You can self-sign a certificate by creating your own CA, but clients will not trust it by default. They need to add the CA as a trusted authority. 32 + You can self-sign a certificate by creating your own CA, but clients will not 33 + trust it by default. They need to add the CA as a trusted authority. 33 34 34 35 For instructions on adding CAs, see `libphutil/resources/ssl/README`. 35 36 36 - Although it is possible to accept certificates that aren't signed by trusted 37 - CAs, this is not currently supported because it compromises the ability of SSL 38 - to protect the connection against eavesdropping. 37 + If you'd prefer that `arc` not verify the identity of the server whatsoever, you 38 + can use the `https.blindly-trust-domains` setting. This will make it 39 + dramatically easier for adversaries to perform certain types of attacks, and is 40 + **strongly discouraged**: 41 + 42 + $ arc set-config https.blindly-trust-domains '["example.com"]' 43 + 39 44 40 45 = Domain Problems = 41 46 ··· 71 76 is an Apache server that does not explicitly name the Phabricator domain as a 72 77 valid VirtualHost. 73 78 74 - This error occurs only for some versions of the OpenSSL client library (from v0.9.8r or earlier until 1.0.0), so only some users may experience it. 79 + This error occurs only for some versions of the OpenSSL client library 80 + (from v0.9.8r or earlier until 1.0.0), so only some users may experience it.