
Re: Is Permanently Accept SSL Certificate gone in 1.10.4 ?

From: Branko Čibej <brane_at_apache.org>
Date: Sat, 20 Jul 2019 15:50:33 +0200

On Sat, 20 Jul 2019, 11:51 Stefan Sperling, <stsp_at_elego.de> wrote:

>
> But as a user I find it infuriating when software I use contains
> artificial restrictions like this.

We recently disabled plaintext password storage (by default) in the build
configuration, making it effectively unavailable to users who don't build
from source. The rationale for that decision was the same as for not
permanently trusting certs with unknown failures.

> We should assume our users know
> what they are doing. Subversion is not a web browser.

I will refrain from spelling out the snide remark that immediately comes to
mind. :)

What we *should* do is use any platform APIs available for cert validation,
as I already mentioned on the other thread in my response to Evgeny's
commit. One might wish that OpenSSL through Serf took care of that, but
unfortunately it does not, so it's up to us. Given the growing popularity
of Let's Encrypt's server certs with 3 months validity, the potential for
user infuriation may be growing quite quickly.

-- Brane

Received on 2019-07-20 15:50:53 CEST

This is an archived mail posted to the Subversion Users mailing list.
