subversion-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Daniel Shahaf <...@daniel.shahaf.name>
Subject Re: svn + SSL?
Date Wed, 23 Dec 2015 09:16:06 GMT
Nico Kadel-Garcia wrote on Mon, Dec 21, 2015 at 19:07:18 -0500:
> On Mon, Dec 21, 2015 at 2:21 PM, David Brodbeck <brodbd@uw.edu> wrote:
> >
> >
> > On Sat, Dec 19, 2015 at 2:43 AM, Daniel Shahaf <d.s@daniel.shahaf.name>
> > wrote:
> >>
> >> Or perhaps stunnel, which has its pros and cons (e.g., an SSL
> >> vulnerability won't compromise the svn process).
> >
> >
> > I thought about suggesting that, too, but I'm not sure it's workable.  While
> > it'd be easy to set up on the server side, it would be very clumsy on the
> > client side, since the client isn't going to understand svn-over-TLS without
> > its own stunnel instance.
> 
> Sure it can. This is similar to how svn+ssh works. For stunnel, you'd
> set up a port tunnel from a port on your localhost.

Or you could use a stdio tunnel:

    svn info svn+ssl://host/foo/bar --config-option=config:tunnels:ssl='$SVN_SSL /path/to/script'

with /path/to/script being

    #!/bin/sh
    socat STDIO OPENSSL:$1:3691

($1 is the remote hostname)

Mime
View raw message