Hello Matieu,
mount.davfs does not *send* login/password before verifying the server
certificate.
The reason, why it asks the user in advance is: it can only ask the
user, as long as it is not in daemon mode. But request from the server
for credentials may come at any time.
For example: some servers don't ask for credentials when mount.davfs
sends it's first OPTIONS-request. After this request, mount.davfs will
change into daemon mode and is no longer able to ask the user anything.
When mount.davfs does a PROPFIND-request, the server will ask for
credentials.
So mount.davfs asks for credentials as part of the start-up code, when
gathering configuration information; i.e. as lang as it can ask the user.
Credentials are send to the server only when asked for. With TLS/SSL
this is after the TSL-connection is established.
Cheers
Werner (upstream developer)
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]