[ET Trac] [Einstein Toolkit] #1812: GetComponents needs to come with (a selected few) trusted certificates

Einstein Toolkit trac-noreply at einsteintoolkit.org
Tue Sep 1 10:27:44 CDT 2015


#1812: GetComponents needs to come with (a selected few) trusted certificates
----------------------------+-----------------------------------------------
  Reporter:  knarf          |       Owner:                     
      Type:  enhancement    |      Status:  new                
  Priority:  minor          |   Milestone:                     
 Component:  GetComponents  |     Version:  development version
Resolution:                 |    Keywords:                     
----------------------------+-----------------------------------------------

Comment (by rhaas):

 This can be a bit dangerous in case this happens on a user's workstation
 and they later run svn directly on the command line (eg svn update) and
 then receive the svn error message. We should output some information that
 a certificate file was created along with instructions for users to use
 it.

 Instead of an svn option you can set the SSL_CERT_FILE environment
 variable (in GetComponents before calling svn) and point it to the proper
 file (works on OSX's svn 1.7 and 1.8 from macports and on my linux
 workstation). Git supports a sslcainfo option in the http section of its
 config file so at least for git we can try and see if it allows the system
 certificates to be supplemented by the ones GetComponents provided on a
 per repository basis.

 The alternative (which I'd prefer) would of course be to get a ssl
 certificate from a common/old enough root authority that is supported by
 all systems we care about.

-- 
Ticket URL: <https://trac.einsteintoolkit.org/ticket/1812#comment:2>
Einstein Toolkit <http://einsteintoolkit.org>
The Einstein Toolkit


More information about the Trac mailing list