[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: svn commit: rev 4602 - branches/issue-650-ssl-certs/subversion/libsvn_ra_dav

From: <joe_at_manyfish.co.uk>
Date: 2003-01-29 10:33:30 CET

On Mon, Jan 27, 2003 at 01:11:14AM -0600, mass@tigris.org wrote:
 Author: mass
 Date: 2003-01-27 01:10:47 -0600 (Mon, 27 Jan 2003)
 New Revision: 4602
 Added beginning of server certificate support.
 * subversion/libsvn_ra_dav/session.c: added struct ssl_verify_baton_t,
   for passing in the appropriate server config group, and passing out
   any valid error. ssl_set_verify_callback now performs verification.
   The ssl-authorities-file config option points to an CA certificate
   collection. Still needs proper error reporting.

Hi - these turn off security config options seem to be of dubious
value: ignoring common name mismatches and untrusted CAs both allow MITM
attacks if enabled. I think it's better to require manual intervention
for any cert validation errors.

Also, it might be a good idea to keep out of the ssl_ symbol namespace
since that is one of the many prefixes OpenSSL uses.



To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Sat Oct 14 02:23:42 2006

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.