Re: svn commit: rev 4602 - branches/issue-650-ssl-certs/subversion/libsvn_ra_dav

Joe Orton wrote:

On Mon, Jan 27, 2003 at 01:11:14AM -0600, mass@tigris.org wrote:
  

Author: mass
Date: 2003-01-27 01:10:47 -0600 (Mon, 27 Jan 2003)
New Revision: 4602

Modified:
   branches/issue-650-ssl-certs/subversion/libsvn_ra_dav/session.c
Log:
Added beginning of server certificate support.

* subversion/libsvn_ra_dav/session.c: added struct ssl_verify_baton_t,
  for passing in the appropriate server config group, and passing out
  any valid error. ssl_set_verify_callback now performs verification.
  The ssl-authorities-file config option points to an CA certificate
  collection. Still needs proper error reporting.
    

Hi - these turn off security config options seem to be of dubious
value: ignoring common name mismatches and untrusted CAs both allow MITM
attacks if enabled. I think it's better to require manual intervention
for any cert validation errors.

How often, though? Once per server? Once per ra-hitting command?
Currently it is an option which requires manual override within a
configuration file, and which can (and should) be overridden on a
server-by-server basis. If these are not enabled in the configuration
file, it is always a fatal connection error.

Also, it might be a good idea to keep out of the ssl_ symbol namespace
since that is one of the many prefixes OpenSSL uses.

Agreed.

-David Waite

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Sat Oct 14 02:24:02 2006