[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: 0.29.0 - PKCS12 Certificates Only?

From: Garret Wilson <garret_at_globalmentor.com>
Date: 2003-09-12 04:24:54 CEST

Ben Collins-Sussman wrote:
> Tobias Ringström <tobias@ringstrom.mine.nu> writes:
>>Real soon now you will not need to do any configuration at all to
>>accept real non-self-signed certificates. It's a two-liner (or
>>slightly more if configuration parameters to turn it off are wished
>>for), and it's planned for 0.30.


> Just committed your patch to HEAD, Tobias.
> If you set 'ssl-trust-default-ca = true' in your ~/.subversion/servers
> file, svn will trust all the the 'default' CAs installed by a sysadmin.

1. Will this work on Win32, too? Will the Win32 client recognize the
usual root CAs? (e.g. VeriSign, Thawte, InstantSSL, Comodo, etc.)

2. Can't we have "ssl-trust-default-ca" default to true? The whole point
of trusted root CAs is that they can be trusted, and the whole point of
installing root CAs is that those are trusted by default. (By analogy,
I'd hate to have to change a configuration file just to order from
amazon.com using HTTPS in a browser.)

The bother of adding "ssl-trust-default-ca" to a configuration file
doesn't buy me much in *time* from adding my own server to the config
file. Or, looking at this from another view, if someone has bothered to
install "default" CAs why should someone have to bother adding a flag
that says to use the "default" CAs. Are they really "default" if one has
to turn them on? But I'm babbling (as I sit in class listening to the
teacher drone on...)



To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Fri Sep 12 04:26:40 2003

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.