Re: svn + SSL?

From: Daniel Shahaf <d.s_at_daniel.shahaf.name>
Date: Wed, 23 Dec 2015 09:16:06 +0000

Nico Kadel-Garcia wrote on Mon, Dec 21, 2015 at 19:07:18 -0500:
> On Mon, Dec 21, 2015 at 2:21 PM, David Brodbeck <brodbd_at_uw.edu> wrote:
> >
> >
> > On Sat, Dec 19, 2015 at 2:43 AM, Daniel Shahaf <d.s_at_daniel.shahaf.name>
> > wrote:
> >>
> >> Or perhaps stunnel, which has its pros and cons (e.g., an SSL
> >> vulnerability won't compromise the svn process).
> >
> >
> > I thought about suggesting that, too, but I'm not sure it's workable. While
> > it'd be easy to set up on the server side, it would be very clumsy on the
> > client side, since the client isn't going to understand svn-over-TLS without
> > its own stunnel instance.
>
> Sure it can. This is similar to how svn+ssh works. For stunnel, you'd
> set up a port tunnel from a port on your localhost.

Or you could use a stdio tunnel:

svn info svn+ssl://host/foo/bar --config-option=config:tunnels:ssl='$SVN_SSL /path/to/script'

with /path/to/script being

#!/bin/sh
socat STDIO OPENSSL:$1:3691

($1 is the remote hostname)
Received on 2015-12-23 10:43:03 CET

This message: [ Message body ]
Next message: arun prasath: "Re: Regarding install and running svn1.9.2 for svnserve and http access in browser"
Previous message: Ryan Schmidt: "Re: Regarding install and running svn1.9.2 for svnserve and http access in browser"
In reply to: Nico Kadel-Garcia: "Re: svn + SSL?"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]