Skip to content

Add OpenSSL verification modes and certificate handlers reference (DOC-134)#5816

Open
dhtclk wants to merge 2 commits intomainfrom
doc-134-certificate-verification
Open

Add OpenSSL verification modes and certificate handlers reference (DOC-134)#5816
dhtclk wants to merge 2 commits intomainfrom
doc-134-certificate-verification

Conversation

@dhtclk
Copy link
Collaborator

@dhtclk dhtclk commented Mar 23, 2026
edited
Loading

Summary

EXPERIMENTAL

  • Adds a reference section to the TLS configuration guide documenting all verificationMode options and invalidCertificateHandler names
  • Includes complete XML examples for disabling certificate verification across clickhouse-client, clickhouse-server, and Keeper
  • Mentions the --accept-invalid-certificate CLI shortcut

Verification

Only Verified with CLAUDE:
All technical claims verified against ClickHouse source code:

Claim Source Confidence
4 verification modes (none, relaxed, once, strict) base/poco/NetSSL_OpenSSL/src/Utility.cpp High
once behaves as relaxed on client side Poco::Net::Context upstream docs High
Only Accept and Reject handlers exist ClickHouse Poco fork (ConsoleCertificateHandler removed) High
Handler works in both <server> and <client> base/poco/NetSSL_OpenSSL/src/SSLManager.cpp High
--accept-invalid-certificate flag programs/client/Client.cpp High
No ClickHouse-level restrictions on Poco Searched src/ for additional validation — none found Medium

Closes DOC-134

🤖 Generated with Claude Code

@dhtclk @claude
Add OpenSSL verification modes and certificate handlers reference (DO…
717f3b6 
…C-134)

Document all verificationMode options, invalidCertificateHandler names,
and complete examples for disabling certificate verification across
clickhouse-client, clickhouse-server, and Keeper. Verified against
ClickHouse's Poco fork source code.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@dhtclk dhtclk requested a review from a team as a code owner March 23, 2026 16:36
@vercel
Copy link

vercel bot commented Mar 23, 2026
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
clickhouse-docs Ready Ready Preview, Comment Mar 23, 2026 5:11pm
clickhouse-docs-jp Building Building Preview, Comment Mar 23, 2026 5:11pm
3 Skipped Deployments
Project Deployment Actions Updated (UTC)
clickhouse-docs-ko Ignored Ignored Preview Mar 23, 2026 5:11pm
clickhouse-docs-ru Ignored Ignored Preview Mar 23, 2026 5:11pm
clickhouse-docs-zh Ignored Ignored Preview Mar 23, 2026 5:11pm

Request Review

@dhtclk dhtclk marked this pull request as draft March 23, 2026 16:43
@dhtclk @claude
Fix table formatting in verification modes section
1a9dd2f 
Remove em dashes and bold formatting from markdown table cells
that caused rendering issues in GitHub diff views.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@dhtclk dhtclk marked this pull request as ready for review March 23, 2026 20:01
@Blargian
Copy link
Member

Blargian commented Mar 24, 2026

@dhtclk I find asking the LLM for verification is often unreliable. Did you cross check using a different LLM to verify?

@dhtclk
Copy link
Collaborator Author

dhtclk commented Mar 24, 2026

@Blargian - I did not do that in this case, I'll follow up with manual validation and validating with a different LLM.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@dhtclk @Blargian