Shibboleth.DEPRECATION : MetadataGenerator handler
Cantor, Scott
cantor.2 at osu.edu
Mon Dec 6 18:35:14 UTC 2021
On 12/6/21, 1:22 PM, "users on behalf of Peter Schober" <users-bounces at shibboleth.net on behalf of peter.schober at univie.ac.at> wrote:
> Thinking about this a bit, if the Java side ("java-shibd") has no TLS
> server and mod_shib side has no cert-wielding TLS client (maybe it
> does via libcurl?), we're talking about two stunnel processes:
If you're doing it, you're presumably separating them across a network, so yes, there's going to be two.
> That's still sounds very much doable if you need to connect both parts
> over a possibly hostile network (and sharing a unix domain socket
> isn't an option).
Yes, it's doable, but if we don't have to do it, we don't have to depend on TLS code, deal with library conflicts, rely on Windows APIs, provide a trust configuration, etc.
-- Scott
More information about the users
mailing list