[cvsnt] sserver with self-signed certificates
Charles Oram
charlesoram at hotmail.com
Mon Mar 13 22:22:06 GMT 2006
Tony wrote:
>Charles Oram wrote:
>>Hi,
>>Is it possible to use CVSNT with sserver with self-signed client
>>certificates?
>>I've set up CVSNT to use sserver (with a Windows 2003 server) and I would
>>ideally like to be able to use sserver with client certificates, but as
>>far as I can make out this does not work with self-signed certificates.
>
>self signed certificates on the client make no sense - you might as well
>not bother with them if you're going to do that.
What I want is an extra level of authentication of the user by making them
have to have their private key installed on the computer they are accessing
CVS from, and making sure that the server only accepts logins from users
where the server know's the user's public key.
So if I install the user's self-signed certificate on the server, isn't that
just giving the server the user's public key so that the server can
authenticate the user? OK, I don't have the full chain of trust that you
have with signed certificates, but you need more than a username and
password to login to CVS then.
I take it from your answer that my original assumption was correct, i.e.
that CVSNT does not allow self-signed certificates? Looking at sserver.cpp
it seems so.
>
>>Is there any possibility that future versions of cvsnt might have a
>>configurable option to allow this?
>
>No.
>
>Tony
Fair enough. guess I could always recompile my own version of
sserver_protocol.dll if I was desparate to have it work that way.
regards,
Charles
_________________________________________________________________
Become a fitness fanatic @ http://xtramsn.co.nz/health
More information about the cvsnt
mailing list