On Wednesday 20 October 2004 18.46, Garrett Rooney wrote:
> Sigfred Håversen wrote:
> > If the certificate is specified in the repo config, then svnserve does
> > not know if it has a valid certificate when a client connects. All it
> > knows is that it can handle SSL, if needed. The more tricky part is to
> > handle the SSL handshake, and that probably require more communication
> > between client and svnserve before actual SSL handshake. After the
> > greeting, svnserve can check that a certificate is indeed present in the
> > repo, and then load/verify it. At this stage the client and svnserve can
> > continue with the SSL as desribed above. Actually, with this approach
> > svnserve does not need to announce ssl capability at greeting as this
> > will be handled with further handshaking. But this does add complexity,
> > and perhaps a change in the protocoll as well.
>
> But the client already sends the URL in the greeting, and that's all you
> need to find the repository and thus find the repository config file. I
> don't see why you can't just do that before you start the SSL handshake.
>
> Am I missing something here?
>
> -garrett
>
More with me thinking unclearly, I'm afraid. With both SSL and non-SSL access
to repo, an extra step needed to be taken in the handshake and that has
already been done. No need for extra steps as I suggested, as far as I can
see. The initial announcement from server that SSL might be available is not
needed, though. svnserve will send ssl or ssl-auth based upon info from repo
config file.
/Sigfred
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Wed Oct 20 20:28:04 2004