Jason Williard wrote:
>
> That recommendation was helpful, though I'm still unable to get SSL working.
> However, I feel more confident with this version of CVS. At this point, I
> have cvsnt-2.0.58d running. Once again, pserver is working but sserver is
> not.
If
I am able to successfully checkout the CVSROOT module using pserver, so I
>> know that system is working. I am assuming that the issue has to do with
>> the private key or public certificate, but I am not sure.
>>
>> Here is what I have installed:
>> - Fedora Core 1
That recommendation was helpful, though I'm still unable to get SSL working.
However, I feel more confident with this version of CVS. At this point, I
have cvsnt-2.0.58d running. Once again, pserver is working but sserver is
not. I am now getting the following error:
cvs checkout
working. I am assuming that the issue has to do with
> the private key or public certificate, but I am not sure.
>
> Here is what I have installed:
> - Fedora Core 1
> - 1.11.1p1.perm13 (From freepository.com)
> - OpenSSL 0.9.7a
>
> The SSL key and certificate were issued a
error:
---
cvs checkout: SSL connection failed (0):
error::lib(0):func(0):reason(0)
cvs [checkout aborted]: Connection to server failed
---
I am able to successfully checkout the CVSROOT module using pserver, so I
know that system is working. I am assuming that the issue has to do with
[ On Friday, June 1, 2001 at 15:45:16 (-0400), Derek R. Price wrote: ]
> Subject: Re: CVS & SSL
>
> > Huh? All I've seen are patches to CVS, not a proper stand-alone module!
>
> Perhaps I don't understand. What exactly are you proposing?
If you want to use S
"Greg A. Woods" wrote:
> [ On Friday, June 1, 2001 at 13:59:20 (-0400), Derek R. Price wrote: ]
> > Subject: Re: CVS & SSL
> >
> > "Greg A. Woods" wrote:
> > >
> > > So build your little "provider" as an external program
[ On Friday, June 1, 2001 at 13:59:20 (-0400), Derek R. Price wrote: ]
> Subject: Re: CVS & SSL
>
> "Greg A. Woods" wrote:
> >
> > So build your little "provider" as an external program that CVS can call
> > and there'll be no problem! (wel
Greg A. Woods writes:
>
> My suggestion has *ALWAYS* been to only ever store just unix-format text
> files in CVS (even if your repository doesn't currently sit on a proper
> unix-like system). How you do that is up to you. My suggested
> implementation has (always, iirc) been to do the convers
[ On Saturday, June 2, 2001 at 07:42:50 (+0800), Mark Harrison wrote: ]
> Subject: Re: CVS & SSL
>
> Are you suggesting that we should not rely on our version control system
> to generate well-formed text files?
No, I'm suggesting that if you have to rely on using non
"Greg A. Woods" wrote:
> > Well, yeah. I think this discussion started about the generic socket
> > provider hook I provided, initially with the idea that it would be useful
> > with an SSL provider. This leaves CVS room to use authenticating and
> > non-au
From: Greg A. Woods <[EMAIL PROTECTED]> wrote:
> I'd suggest looking deeper into what SSH can really do; and also into
> better ways of dealing with inter-platform end-of-line issues that don't
> rely on your version-control tool to do the translation!
Are you suggesting that we should not rely o
[ On Thursday, May 31, 2001 at 08:34:21 (-0400), Derek R. Price wrote: ]
> Subject: Re: CVS & SSL
>
> Well, there _is_ a basis of at least suggesting models in the docs. I know
> that when I was a novice user I much preferred, "well, this'll get you up
> and
> of the above in combination with a VPN then that's fine too. You should
> feel free to run your CVS server on a single-user operating system if
> you want. Issues of security should remain totally orthogonal to CVS
> (and indeed should be deemed inappropriate for this very foru
[ On Thursday, May 24, 2001 at 14:00:51 (-0500), Thornley, David wrote: ]
> Subject: RE: CVS & SSL
>
> Unless you can provide me with a way to use :ext: that handles different
> line-ending conventions properly
Use of :ext: and any handling of end-of-line issues is orthogonal.
[ On Thursday, May 24, 2001 at 15:26:17 (-0400), Derek R. Price wrote: ]
> Subject: Re: CVS & SSL
>
> > Maybe I need to ask for people to help me to produce a new release of
> > CVS based on my current private work so that a safe alternative
> > implementation is pub
[ On Thursday, May 24, 2001 at 15:26:17 (-0400), Derek R. Price wrote: ]
> Subject: Re: CVS & SSL
>
> By limiting CVS to :ext: you are limiting the choice of security models to those
> which provide _shell_accounts_on_the_server_! The socket provider model allows for
> any sor
Thornley, David writes:
>
> If CVS simply offered only the :ext: method, and a central server was used
> by people logging in from Macintoshes, Windows boxes, and Unix boxes,
> how would it keep the line-ending conventions straight? With pserver, the
> reads on the local files are performed by t
"Greg A. Woods" wrote:
> [ On Thursday, May 24, 2001 at 08:58:22 (-0400), Derek R. Price wrote: ]
> > Subject: Re: CVS & SSL
> >
> > I don't _want_ to take the trouble to set up a separate SSH tunnel each time.
> > And I don't like allocating
[ On Thursday, May 24, 2001 at 08:58:22 (-0400), Derek R. Price wrote: ]
> Subject: Re: CVS & SSL
>
> I don't _want_ to take the trouble to set up a separate SSH tunnel each time.
> And I don't like allocating and tracking ports on my local machine for each CVS
>
And another few notes that might help convince you:
1. This patch makes no changes to the existing server
2. Nobody is required to use pserver
3. pserver isn't required to run as root
Derek
--
Derek Price CVS Solutions Architect ( http://CVSHome.org )
mailto:[EMAIL PROTE
"Greg A. Woods" wrote:
> SSH can work that way too, obviously.
I don't _want_ to take the trouble to set up a separate SSH tunnel each time.
And I don't like allocating and tracking ports on my local machine for each CVS
server I connect to.
> setuid too? in CVS? grrr...
>
> DO NOT DO ANY SEC
[ On Wednesday, May 23, 2001 at 14:39:56 (-0400), Derek R. Price wrote: ]
> Subject: Re: CVS & SSL
>
> I only added code to cvs to exec an external "socket provider" and then run
> a pserver connection over that link. Whether that socket provider is
> cleartex
"Greg A. Woods" wrote:
> [ On Wednesday, May 23, 2001 at 10:30:22 (-0400), Derek R. Price wrote: ]
> > Subject: Re: CVS & SSL
> >
> > Yes there is. The connection can no longer be sniffed. Stealing a
> > user's password would now require access
[ On Wednesday, May 23, 2001 at 10:30:22 (-0400), Derek R. Price wrote: ]
> Subject: Re: CVS & SSL
>
> Yes there is. The connection can no longer be sniffed. Stealing a
> user's password would now require access to the user's machine to read
> the .cvspass file
"Greg A. Woods" wrote:
> [ On Tuesday, May 22, 2001 at 00:44:41 (-0400), Derek R. Price wrote: ]
> > Subject: Re: CVS & SSL
> >
> > > Why does this have to be made so "difficult"?
> >
> > Writing an RSH wrapper was my first idea.
[ On Tuesday, May 22, 2001 at 00:44:41 (-0400), Derek R. Price wrote: ]
> Subject: Re: CVS & SSL
>
> > Why does this have to be made so "difficult"?
>
> Writing an RSH wrapper was my first idea. It turned out to be difficult because
> CVS expects RSH to hand
"Greg A. Woods" wrote:
> [ On Monday, May 21, 2001 at 17:12:11 (-0400), Derek R. Price wrote: ]
> > Subject: Re: CVS & SSL
> >
> > P.S. the following script is necessary to use tcpclient with the patch:
> >
> > [dprice@empress ccvs-ssl]$ cat
[ On Monday, May 21, 2001 at 17:12:11 (-0400), Derek R. Price wrote: ]
> Subject: Re: CVS & SSL
>
> P.S. the following script is necessary to use tcpclient with the patch:
>
> [dprice@empress ccvs-ssl]$ cat tmp.sh
> #! /bin/sh
> cat <&6 &
> cat >&7
lace of stunnel
and my patch works. I can login and update. Therefore this is almost certainly a
bug in stunnel - the CVS code is good.
P.S. the following script is necessary to use tcpclient with the patch:
[dprice@empress ccvs-ssl]$ cat tmp.sh
#! /bin/sh
cat <&6 &
cat >&7
I just submitted an almost complete patch to enable SSL with CVS via the
stunnel application to [EMAIL PROTECTED] if anybody wants to play with
it. I think it is stuck on a stupid stunnel bug/misconfiguration since
almost everything works, but I most likely won't have time to deal with
it
Martin,
> PPS: Maybe that this does not belong to this list,
> but I cannot find the mailinglist for winCVS.
I forwarded it. It's on egroups.com, "cvsgui"
Regards,
alex.
>
> ___
> Info-cvs mailing list
> [EMAIL PROTECTED]
> http://mail.gnu.org/
Hello,
on:
http://cvsauth.sourceforge.net/
is a WinCVS 1.2 which supports SSL
encryption for the authentication.
regards,
Martin
PS: Only NT tested.
PPS: Maybe that this does not belong to this list,
but I cannot find the mailinglist for winCVS
e server's main function gets called and the
> > > whole process exits immediately upon return from that function?
> >
> > I don't think so. I'm not a security expert, but my understanding is
> > that any code physically linked into the executable is sus
Larry Jones wrote:
> Derek R. Price writes:
> >
> > Okay, that makes sense, but couldn't you achieve the same effect with a library?
> > Where the exec would have been, the server's main function gets called and the
> > whole process exits immediately upon return from that function?
>
> I don't t
supported a SSL option, then everything would be much
easier for users. In fact, if cvs works using stunnel, then only the
client code base would need to be changed to provide SSL support.
Cheers,
Paul
On Fri, 19 Jan 2001, Jeffrey A Schoolcraft wrote:
> I might have misunderstood what you
again, I totally might have misunderstood your question).
Jeffrey Schoolcraft
* Paul Wolstenholme ([EMAIL PROTECTED]) wrote:
> Hi,
>
> I recently installed stunnel and have been using it to provide ssl
> tunnelling for imap and pop. I thought this might be a good solution for
> cvs
Hi,
I recently installed stunnel and have been using it to provide ssl
tunnelling for imap and pop. I thought this might be a good solution for
cvs as well. I also saw in the archive a new cvs daemon that provides
SSL support.
Currently, I am using both the unix cvs client and wincvs client
Dan Kegel wrote:
>
> I need encrypted sessions, but don't want to give shell
> accounts to my cvs users.
>
This might not suit exactly your needs, but fyi, check the following page:
http://www.kitenet.net/programs/sshcvs/
--
Olivier BERGER IDEALX S.A.S.
Developer
On Sun, Nov 05, 2000 at 09:40 -0800, Dan Kegel wrote:
>
> I need encrypted sessions, but don't want to give shell
> accounts to my cvs users.
Have you tried setting up an "anonymous" user whose only possible
command available via ssh is a (few seconds long) sleep(1)? As
long as this command is
I need encrypted sessions, but don't want to give shell
accounts to my cvs users.
Looking through the cvs-info archives, it seems there
are several projects to embed ssl support into pserver
mode, e.g. cvs-nserver and :sslserver: (or are those the same?).
What's the status of these ef
41 matches