Re: ra_serf not storing client cert creds

From: Philip Martin <philip_at_codematters.co.uk>
Date: Thu, 26 Jul 2018 12:46:49 +0100

Daniel Shahaf <d.s_at_daniel.shahaf.name> writes:

> Not opposed to reinstating, but curious how come this regression hasn't
> been noticed until now. It has been just over five years since we
> dropped ra_neon (in 1.8.0). Did some distro only recently upgrade from
> 1.7 to 1.9 or something?

I suspect it wasn't reported earlier because a) few people use client
certs, b) the introduction of ssl-client-cert-file-prompt (issue 2410)
means that users must edit their config to be able to use a client cert
at all -- and when they do that they can simply set ssl-client-cert-file
and ssl-client-cert-file-password in the servers file and bypass the
storage problem. The user could still complain about storing the
password in the servers file, rather than the password stores, but users
may not recognise that as an issue.

-- 
Philip

Received on 2018-07-26 13:47:07 CEST

This message: [ Message body ]
Next message: Stefan: "New MaxSVN releases (incl. 1.9.9 and 1.10.2)"
Previous message: Daniel Shahaf: "Re: ra_serf not storing client cert creds"
In reply to: Daniel Shahaf: "Re: ra_serf not storing client cert creds"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]