[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

RE: Client certificates.

From: Sander Striker <striker_at_apache.org>
Date: 2002-08-01 20:36:54 CEST

[...]
> Are you planning on using the config file to figure out what
> certs should be used, what CAs to trust, etc?
>
> OpenSSL already has a (complex) configuration mechanism of its
> own; maybe we can set up a trusted CA inside ~/.subversion, and
> do things that way? This may sound like more trouble than it's
> worth, but building our own PKI would be pretty complicated.

Let's not confuse things here. We need:

a) a means to hand neon a client certificate if the server asks
   for one;

b) verify the servers certificate.

These can be implemented seperately. AFAIK Dan Berlin is taking
on a. b is going to be a bit tougher. Brians suggestion
to reuse webbrowser cert stores is a nice one (especially on
windows).

Sander

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Thu Aug 1 20:27:29 2002

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.