
ssl-trust-default-ca

From: Ben Collins-Sussman <sussman_at_collab.net>
Date: 2005-07-16 00:33:10 CEST

In ~/.subversion/servers, there's a variable called
'ssl-trust-default-ca' which defaults to "false".

If set to "true", then it tells neon to automatically trust the list
of "default" Certifying Authorities that normally ships with
openssl. (Verisign, Thawte, RSA, etc.)

The thing is, the fact that this variable is set to 'false' by
default is sort of annoying. To trust really, really common CAs,
the user must go set this runtime variable... otherwise he's stuck
answering questions about every new certificate that comes along.
("Yes, trust this cert, yes, this one too...")

Web browsers don't act like this; they trust openssl's 'big-name'
list automatically.

I asked David Waite why Subversion doesn't also trust the big-name
servers by default as well, and he couldn't remember a good reason.
Does anyone else?

If not, does anyone mind if I change the variable's default variable
to 'true'?

Received on Sat Jul 16 00:33:50 2005

This is an archived mail posted to the Subversion Dev mailing list.
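
An added example, not part of the original message and not Subversion's own code: a small audit helper that reports, for a given host, whether a `servers` file enables 'ssl-trust-default-ca' and which section decided it. It assumes the usual `[groups]` / per-group / `[global]` layout of that file, first matching group in file order, the boolean spellings true/yes/on/1, and the "false" default stated in the message; the function names and the sample file contents are constructed for illustration.

```python
import configparser
from fnmatch import fnmatchcase

OPTION = "ssl-trust-default-ca"
TRUE_WORDS = {"true", "yes", "on", "1"}  # assumed accepted spellings

# Constructed sample of a ~/.subversion/servers file (not from the message).
SAMPLE_SERVERS = """\
[groups]
internal = *.corp.example, svn.lab.example
public = svn.example.org

[internal]
ssl-authority-files = /etc/ssl/corp-ca.pem

[public]
ssl-trust-default-ca = true

[global]
ssl-trust-default-ca = no
"""

def load(text):
    """Parse servers-file text; interpolation is off so '%' stays literal."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    return cp

def group_for(cp, host):
    """Return the first [groups] entry whose glob list matches host."""
    if not cp.has_section("groups"):
        return None
    for name, patterns in cp.items("groups"):
        globs = [p.strip().lower() for p in patterns.split(",")]
        if any(fnmatchcase(host.lower(), g) for g in globs):
            return name
    return None

def trusts_default_cas(cp, host):
    """Return (enabled, deciding_section): group first, then [global]."""
    for section in (group_for(cp, host), "global"):
        if section and cp.has_section(section) and cp.has_option(section, OPTION):
            return cp.get(section, OPTION).strip().lower() in TRUE_WORDS, section
    return False, "built-in default"  # default per the message: "false"

if __name__ == "__main__":
    cfg = load(SAMPLE_SERVERS)
    for h in ("svn.example.org", "build.corp.example", "other.example.net"):
        print(h, trusts_default_cas(cfg, h))
```

Hosts in the `internal` group rely only on the pinned 'ssl-authority-files' bundle here, because that group sets no value of its own and inherits `no` from `[global]`.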
