[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Is Permanently Accept SSL Certificate gone in 1.10.4 ?

From: Stefan Sperling <stsp_at_elego.de>
Date: Sat, 20 Jul 2019 11:51:26 +0200

On Fri, Jul 19, 2019 at 09:52:32PM +0000, Daniel Shahaf wrote:
> Stefan Sperling wrote on Fri, 19 Jul 2019 18:45 +00:00:
> > It looks like the interactive prompt omits an option to save the cert
> > if it sees a certificate failure of class 'other' from the above list.
> > I am not sure why this decision was made but that's what the current
> > code seems to do.
>
> The rationale is that if we don't know what the failure reason _is_, we
> don't know whether it's safe to ignore it permanently. In other words,
> it only offers "permanently" if the failure bits are all whitelisted.
>
> The downside is that there's no easy way for a user to say "I know what
> I'm doing, and I _do_ want to ignore this permanently; make it so", such
> as a utility that takes a PEM form certificate (on, say, stdin) and
> marks it as permanently trusted.

At the point where we're already asking the user, we might as well
let the user decide what to do, in any case.

Yes, some people might then save a bad cert without knowing any better.

But as a user I find it infuriating when software I use contains
artificial restrictions like this. We should assume our users know
what they are doing. Subversion is not a web browser.
Received on 2019-07-20 11:51:44 CEST

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.