Re: svn commit: r1863018 - /subversion/trunk/subversion/libsvn_subr/win32_crypto.c

2019-07-14 Thread Branko Čibej
On 14.07.2019 17:51, Evgeny Kotkov wrote: > Branko Čibej writes: > >> Uh. I don't think so. >> >> First of all, the reference to Chromium source is a red herring ... that >> code disables CRL/OCSP checks *if some caller required it to*. You'll >> find that browsers do, indeed, check CRL or OCSP

Re: svn commit: r1863018 - /subversion/trunk/subversion/libsvn_subr/win32_crypto.c

2019-07-14 Thread Evgeny Kotkov
Branko Čibej writes: > Uh. I don't think so. > > First of all, the reference to Chromium source is a red herring ... that > code disables CRL/OCSP checks *if some caller required it to*. You'll > find that browsers do, indeed, check CRL or OCSP info, if it's available. I went through an

[PATCH] svn_load_dirs.pl: do not print password to screen (v2)

2019-07-14 Thread geoffrey . alary
Hi, > > > > It implements a security feature: to hide the password when printing > > > > the command line to screen. > > > > > > I suggest to add a warning to usage() that passing the password in > > > a command-line argument may make it visible to other local OS users. > > > > Do you mean that

Re: [PATCH] svn_load_dirs.pl: do not print password to screen

2019-07-14 Thread Geoffrey Alary
Hi Brane, Ok I understand, thank you. Best regards, Geoffrey Le dim. 14 juil. 2019 à 19:52, Branko Čibej a écrit : > > On 14.07.2019 09:47, Geoffrey Alary wrote: > > Hi Daniel, > > > >>> CC: both of the most recent and biggest contributors to this file. > >> In principle, same answer as in

CRL and OCSP verification [was: Re: svn commit: r1863018 ...]

2019-07-14 Thread Branko Čibej
On 14.07.2019 00:29, Branko Čibej wrote: > On 13.07.2019 23:31, kot...@apache.org wrote: >> Author: kotkov >> Date: Sat Jul 13 21:31:25 2019 >> New Revision: 1863018 >> >> URL: http://svn.apache.org/viewvc?rev=1863018=rev >> Log: >> Win32: tweak the SSL certificate validation override to avoid

Re: [PATCH] svn_load_dirs.pl: do not print password to screen

2019-07-14 Thread Daniel Shahaf
> > > It implements a security feature: to hide the password when printing > > > the command line to screen. > > > > I suggest to add a warning to usage() that passing the password in > > a command-line argument may make it visible to other local OS users. > > Do you mean that showing a warning

Re: [PATCH] svn_load_dirs.pl: do not print password to screen

2019-07-14 Thread Branko Čibej
On 14.07.2019 09:47, Geoffrey Alary wrote: > Hi Daniel, > >>> CC: both of the most recent and biggest contributors to this file. >> In principle, same answer as in the other thread (ENOTIME unless it's a >> regression I signed off on); but… > Ok noted. Thank you for your replies. > >>> It

Re: [PATCH] svn_load_dirs.pl: do not print password to screen

2019-07-14 Thread Geoffrey Alary
Hi Daniel, > > CC: both of the most recent and biggest contributors to this file. > > In principle, same answer as in the other thread (ENOTIME unless it's a > regression I signed off on); but… Ok noted. Thank you for your replies. > > It implements a security feature: to hide the password when

Re: [PATCH] svn_load_dirs.pl: do not print password to screen

2019-07-14 Thread Daniel Shahaf
geoffrey.al...@gmail.com wrote on Sun, Jul 14, 2019 at 00:51:54 +1200: > CC: both of the most recent and biggest contributors to this file. In principle, same answer as in the other thread (ENOTIME unless it's a regression I signed off on); but… > It implements a security feature: to hide the

Re: [PATCH] svn_load_dirs.pl: fix broken cleanup

2019-07-14 Thread Daniel Shahaf
geoffrey.al...@gmail.com wrote on Sun, Jul 14, 2019 at 00:42:46 +1200: > CC: both of the most recent and biggest contributors to this file. I've applied some svn_load_dirs patches in the past, but I won't be able to review this one, unless it's about fixing a regression introduced by a changeset