[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: [Fwd: Re: Subversion + SSL + Client Certificate Authentication]

From: <kfogel_at_collab.net>
Date: 2003-08-12 05:40:57 CEST

David Waite <mass@akuma.org> writes:
> How does everyone feel about me tossing this change in as part of the
> SSL changes in the neon-0.24 branch, perhaps as an
> ssl-override-cert-hostname option?

I didn't understand what it's for, from the context below. (Sorry, am
I just being dense?)

-K

> -------- Original Message --------
> Subject: Re: Subversion + SSL + Client Certificate Authentication
> Date: Tue, 12 Aug 2003 00:49:48 +0200
> From: Tobias Ringström <tobias@ringstrom.mine.nu>
> To: Lübbe Onken <L.Onken@rac.de>
> CC: 'Chris Croome' <chris@webarchitects.co.uk>, Subversion Users
> <users@subversion.tigris.org>
> References: <E07FABBCC6C6D31199270050DA5F215E5244AD@NEPTUN>
>
>
> <snip>
>
> While this is possible, it really cripples the security that SSL is
> supposed to give you. I totally agree with Mukund here, and I do not
> like that option. An slightly more acceptable option would be:
>
> ssl-cert-hostname = wrong.hostname.com
>
> This option would allow that specific hostname and not any host
> name. This way you will know if something bad(TM) happens. With
> ssl-ignore-host-mismatch you will not see a thing. The main problem
> with ssl-cert-hostname is that it does not exist, though. :-)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Tue Aug 12 06:21:15 2003

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.