[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: [Issue 650] Changed - certificate handling

From: Daniel Stenberg <daniel_at_haxx.se>
Date: 2002-04-09 18:12:31 CEST

On Tue, 9 Apr 2002, Kevin Pilch-Bisson wrote:

> > I suppose you could cache self-signed certificates so that you'd know if
> > you're getting the same one each time, but certificates do expire, so
> > that's not especially valuble.

> This is what I was thinking of. How quickly do the certs expire?

Certs expire at a given date, so it can in fact expire between any two
connects.

> My idea was to do something like:
>
> "Warning self-signed certificate from host foo with fingerprint bar.
> Continue connecting?"
>
> Then cache the result of that, so that the warning only shows up the first
> time.

The expire date is also a readable from the certificate, so it doesn't need
to be a surprise to the client when that happens.

-- 
      Daniel Stenberg - http://daniel.haxx.se - +46-705-44 31 77
   ech`echo xiun|tr nu oc|sed 'sx\([sx]\)\([xoi]\)xo un\2\1 is xg'`ol
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Tue Apr 9 18:13:54 2002

This is an archived mail posted to the Subversion Dev mailing list.