[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

RE: Client certificates.

From: Daniel Berlin <dberlin_at_dberlin.org>
Date: 2002-08-01 21:18:08 CEST

On Thu, 1 Aug 2002, Sander Striker wrote:

> [...]
> > Are you planning on using the config file to figure out what
> > certs should be used, what CAs to trust, etc?
> >
> > OpenSSL already has a (complex) configuration mechanism of its
> > own; maybe we can set up a trusted CA inside ~/.subversion, and
> > do things that way? This may sound like more trouble than it's
> > worth, but building our own PKI would be pretty complicated.
> Let's not confuse things here. We need:
> a) a means to hand neon a client certificate if the server asks
> for one;
> b) verify the servers certificate.
> These can be implemented seperately. AFAIK Dan Berlin is taking
> on a.

> b is going to be a bit tougher. Brians suggestion
> to reuse webbrowser cert stores is a nice one (especially on
> windows).

It's also a bit tricky.
I think it requires using the cryptoapi.

> Sander

To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Thu Aug 1 21:18:42 2002

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.