Re: [PATCH] Fix issue #1330: accept server cert permanently, take 2

From: Tobias Ringstrom <tobias_at_ringstrom.mine.nu>
Date: 2003-09-11 22:49:20 CEST

Justin Erenkrantz wrote:
> --On Thursday, September 11, 2003 2:05 PM +0200 Tobias Ringstrom
> <tobias@ringstrom.mine.nu> wrote:
>
>> If the server certificate has other problems (incorrect hostname, not
>> yet valid or expired), the user can coose to reject the cert or to
>> accept it temporarily.
>
> I think the user should be allowed to accept it permanently even with
> these errors. Most web browsers will allow this. -- justin

I'm not sure what you mean. I just tried IE 6.0 SP1 and Mozilla 1.4 on
both Windows and Linux and while you can choose to trust the cert
permanently, you still get warned every time that the cert has expired
and that the hostname is incorrect.

Ahh. I guess you mean that Subversion should allow the cert to be
stored permanently and not warn for future connections that the cert
cannot be verified, but do warn if the cert has expired or if the
hostname is wrong. I think that's reasonable.

Unless someone objects, I'll add that to the patch (as well as the two
ssl-ignore options).

/Tobias

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Thu Sep 11 22:50:09 2003

This message: [ Message body ]
Next message: Martin Fuchs: "Re: cvs2svn change_path crash - Windows"
Previous message: Branko Čibej: "Re: [OT] Win32 condition variable implementation"
In reply to: Justin Erenkrantz: "Re: [PATCH] Fix issue #1330: accept server cert permanently, take 2"
Next in thread: Philip Martin: "Re: [PATCH] Fix issue #1330: accept server cert permanently"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]