[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: New auth system and hostname mismatch

From: David Waite <mass_at_akuma.org>
Date: 2003-04-22 10:48:01 CEST

Sander Striker wrote:

>>From: David Waite [mailto:mass@akuma.org]
>>Sent: Tuesday, April 22, 2003 10:01 AM
>>
>>
>
>
>
>>There are a couple of different options here; you could add a hostname
>>mismatch override for those hosts, using something like the following in
>>the servers config file:
>>
>>[groups]
>>macrology = *.macrology.co.nz
>>
>>[macrology]
>>ssl-ignore-host-mismatch = true
>>
>>You could also generate your own certificate authority certificate, and
>>generate your own wildcard certificate or certificate per host. This
>>would be no less valid for those subdomains.
>>
>>The third and fourth options involve changing code; either a new flag
>>which treats certificates as wildcard certificates, or a server host
>>alias override. I would prefer the fourth option (its a lot less code
>>and appears more valid to me), but would probably want the
>>ssl-ignore-host-mismatch flag to go away if it was added.
>>
>>
>
>My vote would be on handling wildcard certs as wildcard certs. This is
>clearly not a host-mismatch case, since it matches its cert.
>
I believe the original poster wanted a non-wildcard certificate to be
treated as a wildcard certificate.

-David Waite

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Tue Apr 22 10:49:08 2003

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.