
Re: [PATCH] Fix issue #1330: accept server cert permanently

From: Joe Orton <joe_at_manyfish.co.uk>
Date: 2003-09-11 12:55:36 CEST

On Wed, Sep 10, 2003 at 06:33:57PM -0500, Ben Collins-Sussman wrote:
> David Waite <mass@akuma.org> writes:
>
> > I haven't had a chance to review the patch yet, just one overall problem:
> >
> > I disagree with the removal of the ssl-ignore-* options; there have
> > been and continue to be many servers on the internet with an
> > incorrectly set hostname or expired certificate, which I have no
> > control over. If a user wants to shoot themselves in the foot, it is
> > their foot to shoot. All we can do is put warning labels on the gun,
> > bullets, and their shoes ;-)
>
> I suspected this would be the beginning of a war. :-)
>
> For me, I'm satisfied that the svn client would now behave like a web
> browser. A web browser doesn't let you permanently ignore an expired
> certificate or hostname mismatch; why should svn?

I think it's better to aim to be ssh-like rather than browser-like...

Indexing the cache by fingerprint is not particularly useful - the cache
should really be indexed by (hostname, port) pair. On the first
session, the user is prompted to accept <this> cert for <that> hostname,
shown the fingerprint, expiry, and warned about hostname mismatches.

For subsequent sessions, you just compare the presented cert against the
cached cert for the hostname/port. It doesn't matter if the hostname in
the subject DN is wrong, the user has already said the cert was valid
first time round. (arguably expiry checking could be omitted too here)

joe

Received on Thu Sep 11 12:57:18 2003
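
The (hostname, port)-indexed cache proposed in this mail, sketched as an added example; it is not part of the original message and not Subversion's code. It shows that a cert accepted for one endpoint matches silently there on later sessions, while the same cert presented by a different hostname prompts again. The class and function names, the SHA-256 digest and the byte strings standing in for DER certificates are assumptions made for illustration.

```python
import hashlib

def fingerprint(cert_der: bytes) -> str:
    """SHA-256 over the DER-encoded certificate (digest choice is an assumption)."""
    return hashlib.sha256(cert_der).hexdigest()

class HostKeyedCertCache:
    """Trust-on-first-use cache keyed by (hostname, port), ssh known_hosts style."""

    def __init__(self):
        self._entries = {}  # (hostname, port) -> fingerprint the user accepted

    def check(self, hostname, port, cert_der, prompt):
        """Return 'accepted', 'rejected', 'match' or 'changed'.

        prompt(hostname, port, fp) is called only on first contact with an
        endpoint and returns True if the user accepts this cert for it.
        """
        key = (hostname.lower(), port)
        fp = fingerprint(cert_der)
        cached = self._entries.get(key)
        if cached is None:
            if prompt(hostname, port, fp):
                self._entries[key] = fp
                return "accepted"
            return "rejected"
        # Later sessions: only identity with the cached cert is compared;
        # the hostname in the subject DN is not consulted again.
        return "match" if cached == fp else "changed"

def demo():
    # Constructed stand-ins for DER certificates; not real certificates.
    cert_a, cert_b = b"constructed-cert-A", b"constructed-cert-B"
    prompts = []
    def accept(host, port, fp):
        prompts.append((host, port))
        return True
    cache = HostKeyedCertCache()
    results = [
        cache.check("svn.example.org", 443, cert_a, accept),    # first session
        cache.check("svn.example.org", 443, cert_a, accept),    # later session
        cache.check("svn.example.org", 443, cert_b, accept),    # cert replaced
        cache.check("other.example.org", 443, cert_a, accept),  # same cert, new host
    ]
    return results, prompts

if __name__ == "__main__":
    print(demo())
```

What the client does on `changed` (refuse, or prompt again with a warning) is left to the caller, since the mail does not specify it.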

This is an archived mail posted to the Subversion Dev mailing list.
