RE: Is it safe to redirect from HTTP to HTTPS in case of svn:externals?
-Original Message- From: Thorsten Schöning [mailto:tschoen...@am-soft.de] Sent: woensdag 19 augustus 2015 21:50 To: users@subversion.apache.org Subject: Is it safe to redirect from HTTP to HTTPS in case of svn:externals? Hi, I'm implementing publicly accessible mod_davn_svn in addition to some internally used svnserve. Some of my repos use svn:externals where we used to defined //internal.example.org/..., my publicly available entry point is https://external.example.org;. For the public internal.example.org is resolved as external.example.org, so checking out a repo from HTTPS with svn:externals used would result in a request to https://internal.example.org; and produce certificate verification failures in the client because of mismatching domain names and such. So I thought of simply changing the svn:externals definition to http://internal.example.org; which I can then redirect to https://external.example.org; on my public server. In my tests that seemed to work properly and the important part is that the locally created working copy for svn:externals only contained HTTPS-URLs. So am I correct that my approach is safe regarding that no user passwords or such are going unencrypted over the wire if only the first request doesn't contain such passwords and will always only be the redirect? Any other problems which I might overlook currently? The key Subversion uses to store passwords is different between http and https, so a password used for https won't be used for http. There are other options to specify your externals; see 'svn help propset' [[ The URL may be a full URL or a relative URL starting with one of: ../ to the parent directory of the extracted external ^/ to the repository root /to the server root // to the URL scheme ^/../ to a sibling repository beneath the same SVNParentPath location ]] Bert
Re: Is it safe to redirect from HTTP to HTTPS in case of svn:externals?
Guten Tag Bert Huijben, am Mittwoch, 19. August 2015 um 22:06 schrieben Sie: The key Subversion uses to store passwords is different between http and https, so a password used for https won't be used for http. It's bit late for me, so: This is good thing in my setup, right? :-) There are other options to specify your externals; see 'svn help propset' I know, but my example was simplified, my repos are still mainly hosted by different svnserve instances, so that URIs and Ports differ and such. I couldn't find anything better in the newer syntax for svn:externals dealing with what I have currently... Mit freundlichen Grüßen, Thorsten Schöning -- Thorsten Schöning E-Mail: thorsten.schoen...@am-soft.de AM-SoFT IT-Systeme http://www.AM-SoFT.de/ Telefon...05151- 9468- 55 Fax...05151- 9468- 88 Mobil..0178-8 9468- 04 AM-SoFT GmbH IT-Systeme, Brandenburger Str. 7c, 31789 Hameln AG Hannover HRB 207 694 - Geschäftsführer: Andreas Muchow