
Bug in client's handling of value specified for the 'ssl-authority-files' parameter maintained in ~/.subversion/servers

From: <jeff.bunds_at_ubs.com>
Date: 2007-01-24 15:29:58 CET

Hello,

The Subversion book published at
http://svnbook.red-bean.com/nightly/en/svn-book.html says, quote:

        "Your run-time servers file also gives you the ability to make
your Subversion client automatically trust specific CAs, either globally
or on a per-host basis. Simply set the ssl-authority-files variable to a
semicolon-separated list of PEM-encoded CA certificates:

                [global]
                ssl-authority-files = /path/to/CAcert1.pem;/path/to/CAcert2.pem

        Many OpenSSL installations also have a pre-defined set of
"default" CAs that are nearly universally trusted. To make the
Subversion client automatically trust these standard authorities, set
the ssl-trust-default-ca variable to true."

Assuming that first statement is true, consider the following
~/.subversion/servers file:

        [groups]
        subversion = subversion.domain.com
        foo = foo.domain.com
        bar = bar.domain.com
        whatever = *.domain.com

        [global]
        ssl-authority-files = /home/foo/certs/some_cert.pem;/home/bar/certs/some_other_cert.pem
        ssl-trust-default-ca = yes

When one but not all of the following paths resolve to valid, readable
PEM-encoded CA certificates:

        /home/foo/certs/some_cert.pem
        /home/bar/certs/some_other_cert.pem

and further, for purposes of illustration, let's say that the latter
path, /home/bar/certs/some_other_cert.pem, does not exist, then the
client will preemptively abort any operation involving a trip to the
server with the following error message:

        svn: Invalid config: unable to load certificate file '/home/bar/certs/some_other_cert.pem'

If this is the intended behavior, please justify it on practical
grounds. I believe it is more useful for the client to *not* abort in
cases where any of the specified PEM-encoded CA certificate file paths
do not resolve (or perhaps resolve to an invalid file); it should
instead carry on with the user-specified operation if *any* of the
certificate files validate the specified SSL-wrapped URL.

Sincerely,

Jeff Bunds

Received on Wed Jan 24 15:30:57 2007

This is an archived mail posted to the Subversion Users mailing list.
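
A pre-flight check for the failure described in this report, added here as an example and not part of the original message or of Subversion: it lists every ssl-authority-files entry in a servers file that is missing or lacks a PEM certificate block, so a bad path is found before the client aborts. The function names and the sample PEM stub are constructed for illustration, and the check is structural only (no X.509 validation).

```python
import base64, binascii, configparser, re, tempfile
from pathlib import Path

PEM_CERT = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.+?)\s*-----END CERTIFICATE-----", re.S)
# Constructed placeholder: PEM armor around a 5-byte DER stub, not a real CA cert.
SAMPLE_PEM = "-----BEGIN CERTIFICATE-----\nMAMCAQA=\n-----END CERTIFICATE-----\n"

def check_pem(path):
    """Return None if the file looks like a PEM certificate, else a reason string."""
    try:
        text = Path(path).read_text(encoding="ascii", errors="replace")
    except OSError as exc:
        return f"unreadable: {exc.strerror}"
    match = PEM_CERT.search(text)
    if not match:
        return "no PEM CERTIFICATE block"
    try:
        der = base64.b64decode("".join(match.group(1).split()), validate=True)
    except binascii.Error:
        return "invalid base64 in PEM body"
    # Structural check only (DER starts with a SEQUENCE tag); no X.509 parsing.
    return None if der[:1] == b"\x30" else "PEM body is not DER"

def audit_servers(servers_text):
    """Return {(section, path): reason} for each ssl-authority-files entry that fails."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(servers_text)
    problems = {}
    for section in cfg.sections():
        if section == "groups":  # maps group names to host patterns, holds no options
            continue
        value = cfg.get(section, "ssl-authority-files", fallback="")
        for path in filter(None, (p.strip() for p in value.split(";"))):
            reason = check_pem(path)
            if reason:
                problems[(section, path)] = reason
    return problems

if __name__ == "__main__":
    # Constructed layout mirroring the report: first file present, second missing.
    with tempfile.TemporaryDirectory() as d:
        good, missing = Path(d, "some_cert.pem"), Path(d, "some_other_cert.pem")
        good.write_text(SAMPLE_PEM)
        servers = (f"[groups]\nfoo = foo.domain.com\n\n[global]\n"
                   f"ssl-authority-files = {good};{missing}\n"
                   "ssl-trust-default-ca = yes\n")
        for (section, path), reason in audit_servers(servers).items():
            print(f"[{section}] {path}: {reason}")
```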