The message about the security of the ssl overrides is overly alarmist.
The only ssl- options that cause security problems in the servers config
file are the ssl-ignore ones.
I, personally, think that global CAs are next to useless, so specifying
your own allowed certificate list, or your own allowed CA is fine, and
doesn't decrease security at all. And specifying a client certificate
_certainly_ doesn't decrease security.
Attached is a patch that fixes the wording.
Have fun (if at all possible),
The best we can hope for concerning the people at large is that they
be properly armed. -- Alexander Hamilton
-- Eric Hopper (hopper_at_omnifarious.org http://www.omnifarious.org/~hopper)=
Content-Type: application/pgp-signature; name=signature.asc
Content-Description: This is a digitally signed message part
-----BEGIN PGP MESSAGE-----
Version: GnuPG v1.2.1 (GNU/Linux)
-----END PGP MESSAGE-----
Received on Tue May 27 13:04:03 2003
- text/x-patch attachment: stored
This is an archived mail posted to the Subversion Dev