Re: svn + SSL?

From: Daniel Shahaf <d.s_at_daniel.shahaf.name>
Date: Sat, 19 Dec 2015 10:43:01 +0000

jblist_at_icloud.com wrote on Thu, Dec 17, 2015 at 16:46:12 -0700:
> Setting up Apache for https is a bit heavy and SSH requires the
> existence of local users.

svn+ssh:// requires the existence of *one* local user, which be locked down
with command="svnserve -t",no-x11-forwarding, etc., in authorized_keys(5).

> Has there been any thought to added SSL/TLS to the svn protocol?
>
> Adding TLS doesn't seem like it would be
> that hard and would help when using SASL/LDAP when passing plaintext
> passwords.

It's not clear to me what your concern is, whether it is avoiding
password-based authentication, or achieving full on-the-wire encryption,
or something else.

In any case, I suspect it would be far less work to simply document how
to configure SASL with full on-the-wire encryption and client
certificates.

Or perhaps stunnel, which has its pros and cons (e.g., an SSL
vulnerability won't compromise the svn process).

Cheers,

Daniel
Received on 2015-12-19 11:43:25 CET

This message: [ Message body ]
Next message: David Brodbeck: "Re: svn + SSL?"
Previous message: Philip Martin: "Re: Apache+Kerberos+SVN works with IE repo browser, but not Chrome or TSVN ???"
In reply to: jblist_at_icloud.com: "svn + SSL?"
Next in thread: David Brodbeck: "Re: svn + SSL?"
Reply: David Brodbeck: "Re: svn + SSL?"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]