RE: Client certificates.

From: Sander Striker <striker_at_apache.org>
Date: 2002-08-01 20:36:54 CEST

[...]
> Are you planning on using the config file to figure out what
> certs should be used, what CAs to trust, etc?
>
> OpenSSL already has a (complex) configuration mechanism of its
> own; maybe we can set up a trusted CA inside ~/.subversion, and
> do things that way? This may sound like more trouble than it's
> worth, but building our own PKI would be pretty complicated.

Let's not confuse things here. We need:

a) a means to hand neon a client certificate if the server asks
for one;

b) verify the servers certificate.

These can be implemented seperately. AFAIK Dan Berlin is taking
on a. b is going to be a bit tougher. Brians suggestion
to reuse webbrowser cert stores is a nice one (especially on
windows).

Sander

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Thu Aug 1 20:27:29 2002

This message: [ Message body ]
Next message: Greg Hudson: "Re: Bikeshed: --quiet option"
Previous message: Mark Welch: "Re: Client certificates."
In reply to: mark benedetto king: "Re: Client certificates."
Next in thread: Daniel Berlin: "RE: Client certificates."
Reply: Daniel Berlin: "RE: Client certificates."

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]