Server certificates accepted silently

I use svnant 1.1.0-RC2 to connect to a server using https
with the javaSVN.

Everything works fine, except that I would like to be sure
of the
identity of the server.  I tried to put different thing in
the servers
file in the field ssl-authority-files and
ssl-trust-default-ca, but
the server certificattes are always accepted silently.  I
would like
to see them refused and then configure the right one so that
only the
expected certificates are accepted.

I didn't manage to do it.

I checked that I was modifying the correct file by setting
wrong
http-proxy info and the connection was correctly failing. 
But no way
to make it fail because of an unexpected certificates.

Is this suposed to work?  Am I missing some configuration
parameter?

Thanks for your help.


Gilles Scokart

------------------------------------------------------------
---------
To unsubscribe, e-mail: users-unsubscribesubclipse.tigris.org
For additional commands, e-mail: users-helpsubclipse.tigris.org

Hello Gilles,

If you're using SVNKit(JavaSVN) adapter, then it will
temporary accept 
all certificates when used with SVNAnt. It is implemented
this way to 
avoid prompting user during non-interactive operation.

I think I will add an option to make SVNKit(JavaSVN) to
accept only 
those certificates that are stored locally as
"trusted". You may expect 
this fix in 1.1.1 version of SVNKit in about a week.

Alexander Kitaev,
TMate Software,
http://svnkit.com/ - Java
[Sub]Versioning Library!

Gilles Scokart wrote:
> I use svnant 1.1.0-RC2 to connect to a server using
https with the javaSVN.
> 
> Everything works fine, except that I would like to be
sure of the
> identity of the server.  I tried to put different thing
in the servers
> file in the field ssl-authority-files and
ssl-trust-default-ca, but
> the server certificattes are always accepted silently. 
I would like
> to see them refused and then configure the right one so
that only the
> expected certificates are accepted.
> 
> I didn't manage to do it.
> 
> I checked that I was modifying the correct file by
setting wrong
> http-proxy info and the connection was correctly
failing.  But no way
> to make it fail because of an unexpected certificates.
> 
> Is this suposed to work?  Am I missing some
configuration parameter?
> 
> Thanks for your help.
> 
> 
> Gilles Scokart
> 
>
------------------------------------------------------------
---------
> To unsubscribe, e-mail: users-unsubscribesubclipse.tigris.org
> For additional commands, e-mail: users-helpsubclipse.tigris.org
> 
> 

------------------------------------------------------------
---------
To unsubscribe, e-mail: users-unsubscribesubclipse.tigris.org
For additional commands, e-mail: users-helpsubclipse.tigris.org

Thanks a lot!

Gilles

2006/11/24, Alexander Kitaev <Alexander.Kitaevsvnkit.com>:
> Hello Gilles,
>
> If you're using SVNKit(JavaSVN) adapter, then it will
temporary accept
> all certificates when used with SVNAnt. It is
implemented this way to
> avoid prompting user during non-interactive operation.
>
> I think I will add an option to make SVNKit(JavaSVN) to
accept only
> those certificates that are stored locally as
"trusted". You may expect
> this fix in 1.1.1 version of SVNKit in about a week.
>
> Alexander Kitaev,
> TMate Software,
> http://svnkit.com/ -
Java [Sub]Versioning Library!
>
> Gilles Scokart wrote:
> > I use svnant 1.1.0-RC2 to connect to a server
using https with the javaSVN.
> >
> > Everything works fine, except that I would like to
be sure of the
> > identity of the server.  I tried to put different
thing in the servers
> > file in the field ssl-authority-files and
ssl-trust-default-ca, but
> > the server certificattes are always accepted
silently.  I would like
> > to see them refused and then configure the right
one so that only the
> > expected certificates are accepted.
> >
> > I didn't manage to do it.
> >
> > I checked that I was modifying the correct file by
setting wrong
> > http-proxy info and the connection was correctly
failing.  But no way
> > to make it fail because of an unexpected
certificates.
> >
> > Is this suposed to work?  Am I missing some
configuration parameter?
> >
> > Thanks for your help.
> >
> >
> > Gilles Scokart
> >
> >
------------------------------------------------------------
---------
> > To unsubscribe, e-mail: users-unsubscribesubclipse.tigris.org
> > For additional commands, e-mail: users-helpsubclipse.tigris.org
> >
> >
>
>
------------------------------------------------------------
---------
> To unsubscribe, e-mail: users-unsubscribesubclipse.tigris.org
> For additional commands, e-mail: users-helpsubclipse.tigris.org
>
>

------------------------------------------------------------
---------
To unsubscribe, e-mail: users-unsubscribesubclipse.tigris.org
For additional commands, e-mail: users-helpsubclipse.tigris.org

By the way how will I give this option?  Will this option be
always
active?  Or did I have to pass this option to the ant task?
In that
case the svnant will have to be updated as well.

Thanks,
Gilles


2006/11/24, Alexander Kitaev <Alexander.Kitaevsvnkit.com>:
> Hello Gilles,
>
> If you're using SVNKit(JavaSVN) adapter, then it will
temporary accept
> all certificates when used with SVNAnt. It is
implemented this way to
> avoid prompting user during non-interactive operation.
>
> I think I will add an option to make SVNKit(JavaSVN) to
accept only
> those certificates that are stored locally as
"trusted". You may expect
> this fix in 1.1.1 version of SVNKit in about a week.
>
> Alexander Kitaev,
> TMate Software,
> http://svnkit.com/ -
Java [Sub]Versioning Library!
>
> Gilles Scokart wrote:
> > I use svnant 1.1.0-RC2 to connect to a server
using https with the javaSVN.
> >
> > Everything works fine, except that I would like to
be sure of the
> > identity of the server.  I tried to put different
thing in the servers
> > file in the field ssl-authority-files and
ssl-trust-default-ca, but
> > the server certificattes are always accepted
silently.  I would like
> > to see them refused and then configure the right
one so that only the
> > expected certificates are accepted.
> >
> > I didn't manage to do it.
> >
> > I checked that I was modifying the correct file by
setting wrong
> > http-proxy info and the connection was correctly
failing.  But no way
> > to make it fail because of an unexpected
certificates.
> >
> > Is this suposed to work?  Am I missing some
configuration parameter?
> >
> > Thanks for your help.
> >
> >
> > Gilles Scokart
> >
> >
------------------------------------------------------------
---------
> > To unsubscribe, e-mail: users-unsubscribesubclipse.tigris.org
> > For additional commands, e-mail: users-helpsubclipse.tigris.org
> >
> >
>
>
------------------------------------------------------------
---------
> To unsubscribe, e-mail: users-unsubscribesubclipse.tigris.org
> For additional commands, e-mail: users-helpsubclipse.tigris.org
>
>

------------------------------------------------------------
---------
To unsubscribe, e-mail: users-unsubscribesubclipse.tigris.org
For additional commands, e-mail: users-helpsubclipse.tigris.org