On Mon, Jan 27, 2003 at 01:11:14AM -0600, mass@tigris.org wrote:
Author: mass
Date: 2003-01-27 01:10:47 -0600 (Mon, 27 Jan 2003)
New Revision: 4602
Modified:
branches/issue-650-ssl-certs/subversion/libsvn_ra_dav/session.c
Log:
Added beginning of server certificate support.
* subversion/libsvn_ra_dav/session.c: added struct ssl_verify_baton_t,
for passing in the appropriate server config group, and passing out
any valid error. ssl_set_verify_callback now performs verification.
The ssl-authorities-file config option points to an CA certificate
collection. Still needs proper error reporting.
Hi - these turn off security config options seem to be of dubious
value: ignoring common name mismatches and untrusted CAs both allow MITM
attacks if enabled. I think it's better to require manual intervention
for any cert validation errors.
Also, it might be a good idea to keep out of the ssl_ symbol namespace
since that is one of the many prefixes OpenSSL uses.
Regards,
joe
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Sat Oct 14 02:23:42 2006