subversion-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Bert Huijben" <>
Subject RE: Is it safe to redirect from HTTP to HTTPS in case of svn:externals?
Date Wed, 19 Aug 2015 20:06:47 GMT

> -----Original Message-----
> From: Thorsten Schöning []
> Sent: woensdag 19 augustus 2015 21:50
> To:
> Subject: Is it safe to redirect from HTTP to HTTPS in case of svn:externals?
> Hi,
> I'm implementing publicly accessible mod_davn_svn in addition to some
> internally used svnserve. Some of my repos use svn:externals where we
> used to defined "//", my publicly available
> entry point is "". For the public
> "" is resolved as "", so
> checking out a repo from HTTPS with svn:externals used would result in
> a request to "" and produce certificate
> verification failures in the client because of mismatching domain
> names and such.
> So I thought of simply changing the svn:externals definition to
> "" which I can then redirect to
> "" on my public server. In my tests that
> seemed to work properly and the important part is that the locally
> created working copy for svn:externals only contained HTTPS-URLs.
> So am I correct that my approach is safe regarding that no user
> passwords or such are going unencrypted over the wire if only the
> first request doesn't contain such passwords and will always only be
> the redirect? Any other problems which I might overlook currently?

The key Subversion uses to store passwords is different between http and https, so a password
used for https won't be used for http.

There are other options to specify your externals; see 'svn help propset'
      The URL may be a full URL or a relative URL starting with one of:
        ../  to the parent directory of the extracted external
        ^/   to the repository root
        /    to the server root
        //   to the URL scheme
      ^/../  to a sibling repository beneath the same SVNParentPath location


View raw message