subversion-users mailing list archives

From "Bert Huijben" <b...@qqmail.nl>
Subject RE: Is it safe to redirect from HTTP to HTTPS in case of svn:externals?
Date Wed, 19 Aug 2015 20:06:47 GMT


> -----Original Message-----
> From: Thorsten Schöning [mailto:tschoening@am-soft.de]
> Sent: woensdag 19 augustus 2015 21:50
> To: users@subversion.apache.org
> Subject: Is it safe to redirect from HTTP to HTTPS in case of svn:externals?
> 
> Hi,
> 
> I'm implementing publicly accessible mod_dav_svn in addition to some
> internally used svnserve. Some of my repos use svn:externals where we
> used to define "//internal.example.org/...", my publicly available
> entry point is "https://external.example.org". For the public
> "internal.example.org" is resolved as "external.example.org", so
> checking out a repo from HTTPS with svn:externals used would result in
> a request to "https://internal.example.org" and produce certificate
> verification failures in the client because of mismatching domain
> names and such.
> 
> So I thought of simply changing the svn:externals definition to
> "http://internal.example.org" which I can then redirect to
> "https://external.example.org" on my public server. In my tests that
> seemed to work properly and the important part is that the locally
> created working copy for svn:externals only contained HTTPS-URLs.
> 
> So am I correct that my approach is safe regarding that no user
> passwords or such are going unencrypted over the wire if only the
> first request doesn't contain such passwords and will always only be
> the redirect? Any other problems which I might overlook currently?

The key Subversion uses to store passwords is different between http and https, so a password
used for https won't be used for http.

There are other options to specify your externals; see 'svn help propset'
[[
      The URL may be a full URL or a relative URL starting with one of:
        ../  to the parent directory of the extracted external
        ^/   to the repository root
        /    to the server root
        //   to the URL scheme
      ^/../  to a sibling repository beneath the same SVNParentPath location
]]


	Bert
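
The relative forms quoted from 'svn help propset' above, modelled as a small resolver (an added example, not part of the original thread and not Subversion's own code). It shows which scheme and host each style of svn:externals definition makes the client contact for a given checkout URL. The repository paths and function names are constructed for illustration; the host names are the ones used in the question.

```python
import posixpath
from urllib.parse import urlsplit, urlunsplit

# Constructed sample checkout: directory carrying svn:externals, and its repository root.
PARENT_DIR = "https://external.example.org/svn/app/trunk"
REPOS_ROOT = "https://external.example.org/svn/app"


def _join(base_url, rel):
    """Append rel to base_url's path and collapse any '..' segments."""
    base = urlsplit(base_url)
    path = posixpath.normpath(posixpath.join(base.path or "/", rel))
    return urlunsplit((base.scheme, base.netloc, path, "", ""))


def resolve_external(ext, parent_dir_url, repos_root_url):
    """Turn one svn:externals URL into the absolute URL the client would request."""
    parent = urlsplit(parent_dir_url)
    if ext.startswith("^/"):    # repository root; "^/../" reaches a sibling repository
        return _join(repos_root_url, ext[2:])
    if ext.startswith("//"):    # inherits only the scheme of the checkout
        return parent.scheme + ":" + ext
    if ext.startswith("/"):     # inherits scheme and host (server root)
        return urlunsplit((parent.scheme, parent.netloc, ext, "", ""))
    if ext.startswith("../"):   # relative to the directory carrying the property
        return _join(parent_dir_url, ext)
    return ext                  # full URL, used exactly as written


def audit_external(ext, parent_dir_url, repos_root_url):
    """Report the resolved URL plus whether it is cleartext HTTP or another host."""
    resolved = urlsplit(resolve_external(ext, parent_dir_url, repos_root_url))
    parent = urlsplit(parent_dir_url)
    return {
        "url": resolved.geturl(),
        "cleartext": resolved.scheme == "http",
        "host_changed": resolved.hostname != parent.hostname,
    }


if __name__ == "__main__":
    for ext in ("http://internal.example.org/svn/libs/trunk",
                "//internal.example.org/svn/libs/trunk",
                "/svn/libs/trunk", "^/../libs/trunk", "../branches/stable"):
        print(f"{ext:45} {audit_external(ext, PARENT_DIR, REPOS_ROOT)}")
```

Only the full `http://` definition makes the first request in cleartext; the `/`, `^/` and `../` forms stay on the scheme and host the working copy was checked out from.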


