You can configure Apache to require that anyone who connects must
have a valid client cert (SSLVerifyClient require). But that is not the
default. So as far as subversion is concerned, no one needs a client cert
unless you configure Apache to require it, and if you do, then subversion
would require it too.
Aaron
On Mon, 1 Nov 2004, Matheus Leite wrote:
> Hi all, this is a generic question about SVN and security.
> I am no Apache expert but I've read the book and was able to setup SVN
> with https under Apache2.
> What is not clear to me (and I think it is not clear in the book) is
> under what circumstances will I need a client certificate. I thought
> this would be enforced if I used https, but currently I am able to
> access SVN only providing username/password.
> Could someone explain a bit on this matter or point me to some references?
>
> Regards
>
> Matheus
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
> For additional commands, e-mail: users-help@subversion.tigris.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Mon Nov 1 22:49:49 2004