krime / serf

Automatically exported from code.google.com/p/serf
Apache License 2.0

Serf doesn't allow validation of server certificates #31

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
(with Subversion): $ svn ls https://svn.collab.net/repos/svn

What is the expected output? What do you see instead?

With the neon library, this should give:
Error validating server certificate for 'https://svn.collab.net:443':
 - The certificate is not issued by a trusted authority. Use the
   fingerprint to validate the certificate manually!
Certificate information:
 - Hostname: svn.collab.net
 - Valid: from Sep 24 22:01:07 2007 GMT until Sep 23 22:01:07 2011 GMT
 - Issuer: svn, CollabNet, Brisbane, California, US
 - Fingerprint: aa:5b:74:b1:e2:7f:38:b3:2b:c2:b1:60:6e:01:bb:f5:7c:37:98:46
(R)eject, accept (t)emporarily or accept (p)ermanently?
subversion/libsvn_ra_neon/util.c:601: (apr_err=175002)

With ra_serf, no question for validation is asked.

Serf doesn't do server certificate validation (at least, I don't recognize it
in the code), so it doesn't have a callback to request the application for
validation for "non-trusted party" certificates.


Original issue reported on code.google.com by lieven.govaerts@gmail.com on 14 Mar 2008 at 7:24

GoogleCodeExporter commented 9 years ago
The Subversion part of this issue is tracked in
http://subversion.tigris.org/issues/show_bug.cgi?id=3111.

Original comment by lieven.govaerts@gmail.com on 14 Mar 2008 at 7:26

GoogleCodeExporter commented 9 years ago
SSL Server certificate validation was added in r1176.

Original comment by lieven.govaerts@gmail.com on 17 Mar 2008 at 1:10

GoogleCodeExporter commented 9 years ago
Reopened, it's not finished completely yet.

The implementation doesn't allow the use of local non-default CA certificates yet,
nor does it have any tests.

Original comment by lieven.govaerts@gmail.com on 17 Mar 2008 at 7:15

GoogleCodeExporter commented 9 years ago
Loading of non-default CA certificates was added in r1178 and r1179. 

Also the first two SSL tests were added. 

Original comment by lieven.govaerts@gmail.com on 22 Mar 2008 at 8:33
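
The first comment describes the missing piece as a callback through which the application decides about certificates from a non-trusted party. As an added example (not serf or Subversion code), here is one way an application could make that decision for a previously "accepted permanently" certificate without re-prompting. All type, function and constant names are hypothetical, and the store entry is constructed from the fingerprint quoted in the report.

```c
#include <ctype.h>
#include <stddef.h>

/* Hypothetical failure bits handed to the application (not serf's names). */
enum { CERT_UNKNOWN_CA = 1, CERT_EXPIRED = 2, CERT_HOST_MISMATCH = 4 };
typedef enum { DECISION_REJECT, DECISION_ACCEPT } decision_t;

/* One "accept permanently" answer: which host, which exact certificate,
   and which failures the user was shown when accepting. */
typedef struct {
    const char *host;
    const char *sha1_fp;
    int accepted_failures;
} trust_entry_t;

/* Constructed store entry, using the fingerprint quoted in the report. */
const trust_entry_t sample_store[] = {
    { "svn.collab.net",
      "aa:5b:74:b1:e2:7f:38:b3:2b:c2:b1:60:6e:01:bb:f5:7c:37:98:46",
      CERT_UNKNOWN_CA },
};

static int eq_nocase(const char *a, const char *b)
{
    for (; *a && *b; a++, b++)
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b))
            return 0;
    return *a == *b;
}

/* Decide on a certificate the library could not fully validate. */
decision_t check_server_cert(const trust_entry_t *store, size_t n,
                             const char *host, const char *sha1_fp,
                             int failures)
{
    size_t i;
    if (failures == 0)
        return DECISION_ACCEPT;              /* chain validated normally */
    for (i = 0; i < n; i++) {
        if (!eq_nocase(store[i].host, host) ||
            !eq_nocase(store[i].sha1_fp, sha1_fp))
            continue;                        /* pin is per host and per cert */
        if ((failures & ~store[i].accepted_failures) == 0)
            return DECISION_ACCEPT;          /* nothing new since acceptance */
    }
    return DECISION_REJECT;                  /* caller prompts or aborts */
}
```

A fingerprint match alone is not enough here: a pinned certificate that has since expired, or that is presented for a different host, falls through to rejection.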