RE: trust-server-cert not behaving as expected

2015-03-12 Thread Madsen, Terry
5 06:34 To: Branko Čibej Cc: users@subversion.apache.org; Madsen, Terry Subject: Re: trust-server-cert not behaving as expected On Tue, Mar 10, 2015 at 02:07:45PM +0100, Branko Čibej wrote: > On 10.03.2015 13:59, Madsen, Terry wrote: > > > > Thanks for the quick reply! > > > >

Re: trust-server-cert not behaving as expected

2015-03-10 Thread Stefan Sperling
r (with a strong recommendation to use https). So the > > risk of the sort of attack you mention is lower than if it was a > > random machine around the net, and TLS isn't really an option. > > > > > > > > Would it lessen your concern if a --really-trus

Re: trust-server-cert not behaving as expected

2015-03-10 Thread Branko Čibej
ion is lower than if it was a > random machine around the net, and TLS isn't really an option. > > > > Would it lessen your concern if a --really-trust-server-cert would > only work if the IP is a non-public one (10.x.x.x, 192.168.x.x, etc)? > > > > Again, though,

RE: trust-server-cert not behaving as expected

2015-03-10 Thread Madsen, Terry
an option. Would it lessen your concern if a --really-trust-server-cert would only work if the IP is a non-public one (10.x.x.x, 192.168.x.x, etc)? Again, though, given that people are already working around this in ways that seem worse, I'm thinking that this is a matter of "pavin

Re: trust-server-cert not behaving as expected

2015-03-10 Thread Branko Čibej
o get the option to permanently accept, if I don't specify > '--no-auth-cache'.) > > If I add '--non-interactive', I get 'svn: E230001: ... issuer is not > trusted'. Again, fine: bad cert, non interactive, gotta bail. > > If I also add (append)

trust-server-cert not behaving as expected

2015-03-09 Thread Madsen, Terry
'--non-interactive', I get 'svn: E230001: ... issuer is not trusted'. Again, fine: bad cert, non interactive, gotta bail. If I also add (append) '--trust-server-cert', based on the help for this, I expect things to work. However I still get the E230001 error. The standard w

Re: --trust-server-cert

2010-06-10 Thread Arpad Ilia
Thank you for the thorough answer, I appriciate it. Arpad Ilia On Wednesday, June 09, 2010 07:03:21 pm Daniel Shahaf wrote: > Short version: --trust-server-cert bypasses ONLY the "CA is unknown" > check; it doesn't bypass hostname and expiry checks. > > Arpad Ilia wro

Re: --trust-server-cert

2010-06-09 Thread Daniel Shahaf
Short version: --trust-server-cert bypasses ONLY the "CA is unknown" check; it doesn't bypass hostname and expiry checks. Arpad Ilia wrote on Wed, 9 Jun 2010 at 15:38 -: > Hi! > > Is my observation correct that this command line switch > (--trust-server-cert) w

--trust-server-cert

2010-06-09 Thread Arpad Ilia
Hi! Is my observation correct that this command line switch (--trust-server-cert) will not accept certificates where the certificate hostname does not match? Thanks, Arpad Ilia signature.asc Description: This is a digitally signed message part.