subversion-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Bo Berglund <bo.bergl...@gmail.com>
Subject Re: Reverting accidental permanent acceptance of SSL certificate?
Date Sun, 11 Feb 2018 20:00:16 GMT
On Sun, 11 Feb 2018 19:30:04 +0000, Philip Martin
<philip@codematters.co.uk> wrote:

>Bo Berglund <bo.berglund@gmail.com> writes:
>
>> How can I revert this? Is there a client svn command to un-accept a
>> certificate? All I find when googling is the opposite, i.e. how to
>> accept a certificate...
>
>Use
>
>  svn auth
>to see all the stored credentials.  Use
>
>  svn auth SOMEPATTERN
>to show just those matching SOMEPATTERN.  Use
>
>  svn auth --remove SOMEPATTERN
>to remove those matching SOMEPATTERN.

Thanks, this helps a lot.
I have now looked into what got saved below .subversion/auth and it
seems like the bogus acceptance did not in fact make it into the auth
area while the valid certificate and login did.

I found the certificate acceptance in this file:

~/.subversion/auth/svn.ssl.server/52e60f46d8c02303aea5256b18eb7aac

It looks perfectly safe, does not contain anything especially useful.

But now now I have examined the other file I found and my svn username
and password is indeed stored in plain text in the file:

~/.subversion/auth/svn.simple/03994a04eb338a432667e51f0e0720bf

It feels like it would be a bit better if this was also "encrypted" in
some way tied to my logon for example.
The file permissions are both 664, i.e. world readable...

However the parent directory "auth" has permissions set to 700 so I
guess this is some protection at least.

Case closed. :)


-- 
Bo Berglund
Developer in Sweden


Mime
View raw message