Re: [PATCH] SSL layer for svnserve

From: Garrett Rooney <rooneg_at_electricjellyfish.net>
Date: 2004-10-18 22:00:00 CEST

I haven't had a chance to look at this patch yet, but just off the top
of my head I had a few comments...

> A few points to note for a SSL enabled svnserve :
>
> * svnserve will refuse clients that does not have SSL capability.

I'm not sure this is the way we should go on this... It would be nice
to be able to allow people to access the repository via both non-ssl and
ssl connections, but give the server that information so they can be
treated differently. For example we might want to refuse to allow
commits over non-ssl connections, but allow them for ssl connections.
Just refusing non-ssl connections seems a bit limiting...

> * Since the realm is sendt as part of the greeting, this will not be
> encrypted.

That's unfortunate. Do you see a good way to change the protocol to
avoid the leakage?

> * The client must at least use version 2 of the svnserve protocol.

That's perfectly fine with me ;-)

-garrett

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Mon Oct 18 23:30:50 2004

This message: [ Message body ]
Next message: Ben Collins-Sussman: "Re: Locking functional spec: timeouts"
Previous message: Peter N. Lundblad: "Re: svn commit: r11393 - trunk"
In reply to: Sigfred Håversen: "[PATCH] SSL layer for svnserve"
Next in thread: Greg Hudson: "Re: [PATCH] SSL layer for svnserve"
Reply: Greg Hudson: "Re: [PATCH] SSL layer for svnserve"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]