[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Subversion + SSL + Client Certificate Authentication

From: Tobias Ringström <tobias_at_ringstrom.mine.nu>
Date: 2003-08-12 00:49:48 CEST

Lübbe Onken wrote:

> Hi Chris,
>
>>The only thing that is a bit of a pain is if you have a self
>>generated certificate and a host name mismatch you keep getting
>>prompted about this, a 'stop warning about this' opetion would be
>>nice!
>
> how about putting the following in your 'servers' file
>
> [groups]
> mygroup = *.my.group.com
> # othergroup = repository.blarggitywhoomph.com
> # thirdgroup = *.example.com
>
> ### Information for the first group:
> [mygroup ]
> ssl-ignore-host-mismatch = true

While this is possible, it really cripples the security that SSL is
supposed to give you. I totally agree with Mukund here, and I do not
like that option. An slightly more acceptable option would be:

        ssl-cert-hostname = wrong.hostname.com

This option would allow that specific hostname and not any host name.
This way you will know if something bad(TM) happens. With
ssl-ignore-host-mismatch you will not see a thing. The main problem with
ssl-cert-hostname is that it does not exist, though. :-)

/Tobias

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Tue Aug 12 00:50:45 2003

This is an archived mail posted to the Subversion Users mailing list.