On Thu, 1 Aug 2002, Sander Striker wrote:
> [...]
> > Are you planning on using the config file to figure out what
> > certs should be used, what CAs to trust, etc?
> >
> > OpenSSL already has a (complex) configuration mechanism of its
> > own; maybe we can set up a trusted CA inside ~/.subversion, and
> > do things that way? This may sound like more trouble than it's
> > worth, but building our own PKI would be pretty complicated.
>
> Let's not confuse things here. We need:
>
> a) a means to hand neon a client certificate if the server asks
> for one;
>
> b) verify the servers certificate.
>
>
> These can be implemented seperately. AFAIK Dan Berlin is taking
> on a.
Yup.
> b is going to be a bit tougher. Brians suggestion
> to reuse webbrowser cert stores is a nice one (especially on
> windows).
It's also a bit tricky.
I think it requires using the cryptoapi.
>
> Sander
>
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Thu Aug 1 21:18:42 2002