[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

svnserve TLS support?

From: Wesley J. Landaker <wjl_at_icecavern.net>
Date: 2006-04-26 16:20:17 CEST

Hi folks,

I see issue #1144 about integrating SASL into svnserve for authentication.
Has anyone considered also supporting TLS to allow security for the entire
svnserve connection, on par with what is provided currently for https?

Some advantages of having svnserve support TLS upgrading:
  * Works well with SASL, used in imaps, smtps, xmpp, ldap, etc.
  * Provides consistent transport security (vs. using SASL alone)
  * TLS is a draft internet standard that is already widely deployed.
  * Open source TLS libraries available, compatible with Subversion license:
    * GNU TLS <http://www.gnu.org/software/gnutls/> is LGPL'd.
    * OpenSSL <http://www.openssl.org/> is under an Apache-style license.
  * Doesn't require an extra IANA port (vs. using straight SSL)
    * (Since we should, as recommended, use an upgrade-to-TLS mechanism.)

Anyway, just wondering if anyone else has considered this, and/or if anyone
is interested in working on this. =)

Also, as a separate but related issue, it would also be nice to support HTTP
TLS upgrading when using http (RFC 2817); I don't think this is already
supported, but I haven't checked.)

-- 
Wesley J. Landaker <wjl@icecavern.net> <xmpp:wjl@icecavern.net>
OpenPGP FP: 4135 2A3B 4726 ACC5 9094  0097 F0A9 8A4C 4CD6 E3D2

  • application/pgp-signature attachment: stored
Received on Wed Apr 26 16:22:09 2006

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.