-
Type: Spec Change
-
Resolution: Unresolved
-
Priority: Major - P3
-
None
-
Component/s: URI Options
-
None
-
Needed
In the URI options spec, we define a few provisions about raising errors when TLS-related options are ambiguous in order to mitigate the risk that a user runs their application with unintended TLS behavior. One of these provisions requires that errors be raised if there are conflicting values for the tls/ssl option. When implementing the spec for C#, Dima pointed out that we don't define a similar provision for if tlsInsecure is provided more than once with conflicting values (and likewise for tlsAllowInvalidHostnames and tlsAllowInvalidCertificates. I think that we should add provisions to the spec indicating that each of these options can't have both true and false set for them if they appear multiple times (using similar language to the provision for tls and ssl.