
Is it safe to redirect from HTTP to HTTPS in case of svn:externals?

From: Thorsten Schöning <tschoening_at_am-soft.de>
Date: Wed, 19 Aug 2015 21:50:24 +0200

Hi,

I'm implementing publicly accessible mod_dav_svn in addition to some
internally used svnserve. Some of my repos use svn:externals where we
used to define "//internal.example.org/...", my publicly available
entry point is "https://external.example.org". For the public,
"internal.example.org" is resolved as "external.example.org", so
checking out a repo from HTTPS with svn:externals used would result in
a request to "https://internal.example.org" and produce certificate
verification failures in the client because of mismatching domain
names and such.

So I thought of simply changing the svn:externals definition to
"http://internal.example.org" which I can then redirect to
"https://external.example.org" on my public server. In my tests that
seemed to work properly and the important part is that the locally
created working copy for svn:externals only contained HTTPS-URLs.

So am I correct that my approach is safe regarding that no user
passwords or such are going unencrypted over the wire if only the
first request doesn't contain such passwords and will always only be
the redirect? Any other problems which I might overlook currently?

Thanks!

Kind regards,

Thorsten Schöning

-- 
Thorsten Schöning       E-Mail: Thorsten.Schoening_at_AM-SoFT.de
AM-SoFT IT-Systeme      http://www.AM-SoFT.de/
Phone.............05151-  9468- 55
Fax...............05151-  9468- 88
Mobile.............0178-8 9468- 04
AM-SoFT GmbH IT-Systeme, Brandenburger Str. 7c, 31789 Hameln
AG Hannover HRB 207 694 - Managing Director: Andreas Muchow
Received on 2015-08-19 21:50:41 CEST

This is an archived mail posted to the Subversion Users mailing list.
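
One way to test the condition the question depends on (the plain-HTTP hop carries no credentials and only ever answers with a redirect to the HTTPS host) is to audit a captured port-80 exchange. This is an added example, not part of the original mail; the function names, the /repos/lib path and the sample messages are constructed assumptions.

```python
from urllib.parse import urlsplit

def parse_head(raw: bytes):
    """Split a raw HTTP/1.1 message head into (start line, {lower-cased header: value})."""
    lines = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1").split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers

def audit_cleartext_hop(request: bytes, response: bytes, expected_host: str):
    """Return a list of findings for one exchange captured on the plain-HTTP port."""
    findings = []
    _, req = parse_head(request)
    status_line, resp = parse_head(response)
    status = int(status_line.split()[1])
    if "authorization" in req:
        findings.append("client sent Authorization header in cleartext")
    if status == 401 or "www-authenticate" in resp:
        # A challenge on port 80 invites the client to answer it unencrypted.
        findings.append("server challenges for credentials on port 80")
    if status not in (301, 302, 307, 308):
        findings.append(f"status {status} is not a redirect")
    else:
        target = urlsplit(resp.get("location", ""))
        if target.scheme != "https":
            findings.append("redirect target is not https")
        elif target.hostname != expected_host:
            findings.append(f"redirect goes to unexpected host {target.hostname}")
    return findings

# Constructed sample exchanges (not real captures).
GOOD_REQ = b"OPTIONS /repos/lib HTTP/1.1\r\nHost: internal.example.org\r\n\r\n"
GOOD_RESP = (b"HTTP/1.1 301 Moved Permanently\r\n"
             b"Location: https://external.example.org/repos/lib\r\n\r\n")
BAD_REQ = (b"OPTIONS /repos/lib HTTP/1.1\r\nHost: internal.example.org\r\n"
           b"Authorization: Basic dXNlcjpwYXNz\r\n\r\n")  # constructed "user:pass"
BAD_RESP = b"HTTP/1.1 401 Unauthorized\r\nWWW-Authenticate: Basic realm=\"svn\"\r\n\r\n"

if __name__ == "__main__":
    print(audit_cleartext_hop(GOOD_REQ, GOOD_RESP, "external.example.org"))
    print(audit_cleartext_hop(BAD_REQ, BAD_RESP, "external.example.org"))
```

An empty result covers only the exchange that was captured; the redirect response itself still travels unauthenticated over HTTP.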
