[Fwd: Re: Subversion + SSL + Client Certificate Authentication]

How does everyone feel about me tossing this change in as part of the
SSL changes in the neon-0.24 branch, perhaps as an
ssl-override-cert-hostname option?

-David Waite

-------- Original Message --------
Subject: Re: Subversion + SSL + Client Certificate Authentication
Date: Tue, 12 Aug 2003 00:49:48 +0200
From: Tobias Ringström <tobias@ringstrom.mine.nu>
To: Lübbe Onken <L.Onken@rac.de>
CC: 'Chris Croome' <chris@webarchitects.co.uk>, Subversion Users
<users@subversion.tigris.org>
References: <E07FABBCC6C6D31199270050DA5F215E5244AD@NEPTUN>

<snip>

While this is possible, it really cripples the security that SSL is
supposed to give you. I totally agree with Mukund here, and I do not
like that option. An slightly more acceptable option would be:

        ssl-cert-hostname = wrong.hostname.com

This option would allow that specific hostname and not any host name.
This way you will know if something bad(TM) happens. With
ssl-ignore-host-mismatch you will not see a thing. The main problem with
ssl-cert-hostname is that it does not exist, though. :-)

/Tobias

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Tue Aug 12 01:40:08 2003