Re: [PATCH] Fix issue #1330: accept server cert permanently

From: Ben Collins-Sussman <sussman_at_collab.net>
Date: 2003-09-11 01:33:57 CEST

David Waite <mass@akuma.org> writes:

> I haven't had a chance to review the patch yet, just one overall problem:
>
> I disagree with the removal of the ssl-ignore-* options; there have
> been and continue to be many servers on the internet with an
> incorrectly set hostname or expired certificate, which I have no
> control over. If a user wants to shoot themselves in the foot, it is
> their foot to shoot. All we can do is put warning labels on the gun,
> bullets, and their shoes ;-)

I suspected this would be the beginning of a war. :-)

For me, I'm satisfied that the svn client would now behave like a web
browser. A web browser doesn't let you permanently ignore an expired
certificate or hostname mismatch; why should svn?

The only thing a web browser allows you do "permanently" is cache a
server cert with an unknown CA.... and now svn will behave the same
way.

Battlestations!

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Thu Sep 11 01:34:54 2003

This message: [ Message body ]
Next message: Ronald Cannes: "Re: SVN API"
Previous message: David Waite: "Re: [PATCH] Fix issue #1330: accept server cert permanently"
In reply to: David Waite: "Re: [PATCH] Fix issue #1330: accept server cert permanently"
Next in thread: Joe Orton: "Re: [PATCH] Fix issue #1330: accept server cert permanently"
Reply: Joe Orton: "Re: [PATCH] Fix issue #1330: accept server cert permanently"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]