Sigfred Håversen wrote:
> If the certificate is specified in the repo config, then svnserve does not
> know if it has a valid certificate when a client connects. All it knows
> is that it can handle SSL, if needed. The more tricky part is to handle
> the SSL handshake, and that probably require more communication between
> client and svnserve before actual SSL handshake. After the greeting, svnserve
> can check that a certificate is indeed present in the repo, and then
> load/verify it. At this stage the client and svnserve can continue with the
> SSL as desribed above. Actually, with this approach svnserve does not need to
> announce ssl capability at greeting as this will be handled with further
> handshaking. But this does add complexity, and perhaps a change in the
> protocoll as well.
But the client already sends the URL in the greeting, and that's all you
need to find the repository and thus find the repository config file. I
don't see why you can't just do that before you start the SSL handshake.
Am I missing something here?
-garrett
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Wed Oct 20 18:47:40 2004