[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: [PATCH] SSL layer for svnserve

From: Garrett Rooney <rooneg_at_electricjellyfish.net>
Date: 2004-10-20 18:46:58 CEST

Sigfred Håversen wrote:

> If the certificate is specified in the repo config, then svnserve does not
> know if it has a valid certificate when a client connects. All it knows
> is that it can handle SSL, if needed. The more tricky part is to handle
> the SSL handshake, and that probably require more communication between
> client and svnserve before actual SSL handshake. After the greeting, svnserve
> can check that a certificate is indeed present in the repo, and then
> load/verify it. At this stage the client and svnserve can continue with the
> SSL as desribed above. Actually, with this approach svnserve does not need to
> announce ssl capability at greeting as this will be handled with further
> handshaking. But this does add complexity, and perhaps a change in the
> protocoll as well.

But the client already sends the URL in the greeting, and that's all you
need to find the repository and thus find the repository config file. I
don't see why you can't just do that before you start the SSL handshake.

Am I missing something here?

-garrett

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Wed Oct 20 18:47:40 2004

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.