I haven't had a chance to review the patch yet, just one overall problem:
I disagree with the removal of the ssl-ignore-* options; there have been
and continue to be many servers on the internet with an incorrectly set
hostname or expired certificate, which I have no control over. If a user
wants to shoot themselves in the foot, it is their foot to shoot. All we
can do is put warning labels on the gun, bullets, and their shoes ;-)
I even use ssl-ignore-invalid-hostname on my own repositories, and I
wrote both the options and the warnings.
-David Waite
Tobias Ringström wrote:
> After much discussion on IRC (and some wild hiking in svn_auth land),
> I'm now happy to present my proposal of a solution to issue 1330. So
> what does this patch do exactly, you ask. Remember this prompt?
>
> ~> svn ls https://cheap.bastard.com/svn/
> Error validating server certificate: Unknown certificate issuer.
> Accept? (y/N):
>
> Well, forget about it. With this patch you will get the following
> instead:
>
> ~> svn ls https://cheap.bastard.com/svn/
> Error validating server certificate:
> - Unknown certificate issuer
> Fingerprint:
> 11:f4:44:17:2c:e6:8e:80:a0:b8:3d:bd:b6:c7:43:1d:90:f7:69:7b
> Distinguished name: SE
> (R)eject, accept (t)emporarily or accept (p)ermanently?
>
> As you can see, you get a choice not only to reject or accept the
> certificate temporarily for this session only as before, but you can
> also choose to accept it permanently. If you do that you will never
> get that prompt again for that particular certificate. Note that you
> do not get to choose to accept the cert permanently if there are other
> problems with the cert such as wrong hostname, not yet valid or
> expired. Here's an example of such a prompt:
>
> ~> svn ls https://snakeoil.security.com/svn/
> Error validating server certificate:
> - Unknown certificate issuer
> Fingerprint:
> bc:10:cd:db:1d:8c:db:07:a7:76:76:50:ce:e7:ef:89:5f:3a:60:12
> Distinguished name: Snakeoil Security Inc
> - Hostname mismatch (evil.hacker.net)
> - Certificate expired or not yet valid
> Valid from May 12 15:08:43 2002 GMT until May 12 15:08:43 2003 GMT
> (R)eject or accept (t)emporarily?
>
> Another change included in this patch is the removal of all the
> insecure ssl-ignore-* options.
>
> Diffstat, log message and patch (against trunk r7042) are included for
> your pleasure. It passes make check without errors.
>
> I look forward to your comments!
>
> /Tobias
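The acceptance rules Tobias describes (reject, accept for this session, or accept permanently, with the permanent choice offered only when the unknown issuer is the sole problem, and the permanent decision remembered per certificate fingerprint) can be modelled compactly. The following is an added example written for this page, not code from the Subversion patch or from either poster; the `Cert` record, the `TrustStore` layout, the single-letter answers `r`/`t`/`p` and the sample certificates are constructed assumptions shaped after the two quoted prompts.

```python
"""Model of the svn server-certificate prompt described in the thread.

Added example, not code from the Subversion patch or from either poster.
The Cert record, the store layout, the answers "r"/"t"/"p" and the sample
data below are assumptions modelled on the quoted prompts.
"""
from dataclasses import dataclass
from datetime import datetime, timezone
import hashlib

# The three failure classes that appear as bullets in the quoted prompts.
UNKNOWN_CA = "Unknown certificate issuer"
HOSTNAME_MISMATCH = "Hostname mismatch"
BAD_VALIDITY = "Certificate expired or not yet valid"


@dataclass(frozen=True)
class Cert:
    der: bytes                # constructed stand-in for the DER encoding
    subject: str
    hostnames: tuple
    not_before: datetime
    not_after: datetime
    issuer_known: bool

    def fingerprint(self) -> str:
        # Colon-separated SHA-1 of the encoding, in the format of the prompts.
        digest = hashlib.sha1(self.der).hexdigest()
        return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def validate(cert: Cert, expected_host: str, now: datetime) -> list:
    """Return the validation failures for this connection, in prompt order."""
    failures = []
    if not cert.issuer_known:
        failures.append(UNKNOWN_CA)
    if expected_host not in cert.hostnames:
        failures.append(HOSTNAME_MISMATCH)
    if not (cert.not_before <= now <= cert.not_after):
        failures.append(BAD_VALIDITY)
    return failures


def allowed_choices(failures: list) -> tuple:
    """Answers the prompt offers for a given list of outstanding failures.

    Permanent acceptance is a trust decision about one exact certificate, so
    it is only offered when the unknown issuer is the sole problem. A hostname
    mismatch or a bad validity period depends on which host is contacted or
    on the clock, not on the certificate alone, so only reject and temporary
    acceptance are offered for those.
    """
    if not failures:
        return ()
    if failures == [UNKNOWN_CA]:
        return ("r", "t", "p")
    return ("r", "t")


class TrustStore:
    """Remembers acceptances by fingerprint.

    permanent: fingerprints whose unknown issuer was accepted for good.
    session:   fingerprint -> set of failures accepted for this session only.
    """

    def __init__(self):
        self.permanent = set()
        self.session = {}

    def outstanding(self, cert: Cert, failures: list) -> list:
        fp = cert.fingerprint()
        accepted = set(self.session.get(fp, set()))
        if fp in self.permanent:
            accepted.add(UNKNOWN_CA)   # permanent covers only the issuer problem
        return [f for f in failures if f not in accepted]

    def connect(self, cert: Cert, expected_host: str, now: datetime, answer=None):
        """One connection attempt; returns (accepted, choices_offered).

        choices_offered is () when no prompt was needed. `answer` is the
        user's reply to the prompt ("r", "t" or "p"); an answer that was not
        offered, or no answer, leaves the connection rejected.
        """
        remaining = self.outstanding(cert, validate(cert, expected_host, now))
        if not remaining:
            return True, ()
        choices = allowed_choices(remaining)
        if answer not in choices:
            return False, choices
        fp = cert.fingerprint()
        if answer == "p":
            self.permanent.add(fp)
        elif answer == "t":
            self.session.setdefault(fp, set()).update(remaining)
        return answer != "r", choices


# Constructed sample data shaped after the two quoted prompts.
NOW = datetime(2003, 9, 11, tzinfo=timezone.utc)
CHEAP = Cert(b"constructed-cheap-bastard-cert", "SE", ("cheap.bastard.com",),
             datetime(2003, 1, 1, tzinfo=timezone.utc),
             datetime(2004, 1, 1, tzinfo=timezone.utc), issuer_known=False)
SNAKEOIL = Cert(b"constructed-snakeoil-cert", "Snakeoil Security Inc",
                ("evil.hacker.net",),
                datetime(2002, 5, 12, 15, 8, 43, tzinfo=timezone.utc),
                datetime(2003, 5, 12, 15, 8, 43, tzinfo=timezone.utc),
                issuer_known=False)

if __name__ == "__main__":
    store = TrustStore()
    print(CHEAP.fingerprint(), store.connect(CHEAP, "cheap.bastard.com", NOW, "p"))
    print(SNAKEOIL.fingerprint(), store.connect(SNAKEOIL, "snakeoil.security.com", NOW, "p"))
```

Running the `__main__` block shows the two cases side by side: the first certificate's only failure is the unknown issuer, so `p` is offered and the next connection needs no prompt; the second also fails hostname and validity checks, so `p` is not among the offered choices and the attempt stays rejected until the user answers `t` for the current session. Presenting the permanently accepted certificate for a different hostname brings the prompt back with only the hostname mismatch outstanding, because the stored decision covers the issuer problem alone.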
Received on Thu Sep 11 01:28:53 2003