[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

ssl-trust-default-ca

From: Ben Collins-Sussman <sussman_at_collab.net>
Date: 2005-07-16 00:33:10 CEST

In ~/.subversion/servers, there's a variable called 'ssl-trust-
default-ca' which defaults to "false".

If set to "true", then it tells neon to automatically trust the list
of "default" Certifying Authorities that normally ships with
openssl. (Verisign, Thawte, RSA, etc.)

The thing is, the fact that this variable is set to 'false' by
default is sort of annoying. To trust really, really common CA's,
the user must go set this runtime variable... otherwise he's stuck
answering questions about every new certificate that comes along.
("Yes, trust this cert, yes, this one too...")

Web browsers don't act like this; they trust openssl's 'big-name'
list automatically.

I asked David Waite why Subversion doesn't also trust the big-name
servers by default as well, and he couldn't remember a good reason.
Does anyone else?

If not, does anyone mind if I change the variable's default variable
to 'true'?

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Sat Jul 16 00:33:50 2005

This is an archived mail posted to the Subversion Dev mailing list.