Re: [Issue 650] Changed - certificate handling

From: Daniel Stenberg <daniel_at_haxx.se>
Date: 2002-04-09 18:12:31 CEST

On Tue, 9 Apr 2002, Kevin Pilch-Bisson wrote:

> > I suppose you could cache self-signed certificates so that you'd know if
> > you're getting the same one each time, but certificates do expire, so
> > that's not especially valuble.

> This is what I was thinking of. How quickly do the certs expire?

Certs expire at a given date, so it can in fact expire between any two
connects.

> My idea was to do something like:
>
> "Warning self-signed certificate from host foo with fingerprint bar.
> Continue connecting?"
>
> Then cache the result of that, so that the warning only shows up the first
> time.

The expire date is also a readable from the certificate, so it doesn't need
to be a surprise to the client when that happens.

-- 
      Daniel Stenberg - http://daniel.haxx.se - +46-705-44 31 77
   ech`echo xiun|tr nu oc|sed 'sx\([sx]\)\([xoi]\)xo un\2\1 is xg'`ol
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org

Received on Tue Apr 9 18:13:54 2002

This message: [ Message body ]
Next message: Lalit Jairath: "any clue?"
Previous message: Hontvari Jozsef: "Re: the @ syntax - date format"
In reply to: Kevin Pilch-Bisson: "Re: [Issue 650] Changed - certificate handling"
Next in thread: Peter Mathiasson: "Re: [Issue 650] Changed - certificate handling"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]