Hi there,
If I only use server side SSL Certificates
when accessing repository without
"SSLVerifyClient require" -directive in httpd.conf,
like this:
<Location /project1>
DAV svn
SVNPath /home/www/repositories/project1
AuthType Basic
AuthName "Subversion repository"
AuthUserFile /home/www/htpasswd
Require valid-user
SSLRequireSSL
</Location>
will the asked "username/password" -pair be changed encrypted
between the client and the server?
The manual says:
"The Neon library used by the Subversion client
is not only able to verify server certificates,
but can also supply client certificates when challenged.
When the client and server have exchanged SSL certificates
and successfully authenticated one another,
all further communication is encrypted via a session key."
This implies that encryption occurs only when BOTH
server and client provide certificates.
-pekka-
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Wed Aug 10 08:52:33 2005