Add information on preferred protocols and HTTPS fingerprint verification
to the Subversion Mirror Sites section. Reviewed by: simon (slightly earlier version)
This commit is contained in:
Warren Block
parent
5aaa4aaadf
commit
cb2b3b391b
Notes:
svn2git
2020-12-08 03:00:23 +00:00
svn path=/head/; revision=40872
1 changed files with 38 additions and 2 deletions
|
|
@ -669,7 +669,7 @@
|
|||
present but was not created by <command>svn</command>,
|
||||
remember to rename or delete it before the checkout.</para>
|
||||
|
||||
<screen>&prompt.root; <userinput>svn checkout https://svn0.us-west.FreeBSD.org/ports/head /usr/ports</userinput></screen>
|
||||
<screen>&prompt.root; <userinput>svn checkout <replaceable>https://svn0.us-west.FreeBSD.org</replaceable>/ports/head /usr/ports</userinput></screen>
|
||||
|
||||
<para>Because the initial checkout has to download the full
|
||||
branch of the remote repository, it can take a while. Please
|
||||
|
|
@ -716,7 +716,7 @@
|
|||
</sect1>
|
||||
|
||||
<sect1 id="svn-mirrors">
|
||||
<title><application>Subversion</application> Sites</title>
|
||||
<title><application>Subversion</application> Mirror Sites</title>
|
||||
|
||||
<indexterm>
|
||||
<primary>Subversion Repository</primary>
|
||||
|
|
@ -791,6 +791,42 @@
|
|||
</tbody>
|
||||
</tgroup>
|
||||
</informaltable>
|
||||
|
||||
<para><acronym>HTTPS</acronym> is the preferred protocol,
|
||||
providing protection against another computer pretending to be
|
||||
the &os; mirror (commonly known as a <quote>man in the
|
||||
middle</quote> attack) or otherwise trying to send bad content
|
||||
to the end user.</para>
|
||||
|
||||
<para>On the first connection to an <acronym>HTTPS</acronym>
|
||||
mirror, the user will be asked to verify the server
|
||||
<emphasis>fingerprint</emphasis>:</para>
|
||||
|
||||
<screen>Error validating server certificate for 'https://svn0.us-west.freebsd.org:443':
|
||||
- The certificate is not issued by a trusted authority. Use the
|
||||
fingerprint to validate the certificate manually!
|
||||
Certificate information:
|
||||
- Hostname: svnmir.ysv.FreeBSD.org
|
||||
- Valid: from Fri, 24 Aug 2012 22:04:04 GMT until Sat, 24 Aug 2013 22:04:04 GMT
|
||||
- Issuer: clusteradm, FreeBSD.org, CA, US
|
||||
- Fingerprint: 79:35:8f:ca:6d:34:d9:30:44:d1:00:af:33:4d:e6:11:44:4d:15:ec
|
||||
(R)eject, accept (t)emporarily or accept (p)ermanently?</screen>
|
||||
|
||||
<para>Compare the fingerprint shown to those listed in the table
|
||||
above. If the fingerprint matches, the server security
|
||||
certificate can be accepted temporarily or permanently. A
|
||||
temporary certificate will expire after a single session with
|
||||
the server, and the verification step will be repeated on the
|
||||
next connection. Accepting the certificate permanently will
|
||||
store the authentication credentials in
|
||||
<filename role="directory">~/.subversion/auth/</filename> and
|
||||
the user will not be asked to verify the fingerprint again until
|
||||
the certificate expires.</para>
|
||||
|
||||
<para>If <acronym>HTTPS</acronym> cannot be used due to firewall
|
||||
or other problems, <literal>SVN</literal> is the next choice,
|
||||
with slightly faster transfers. When neither can be used, use
|
||||
<acronym>HTTP</acronym>.</para>
|
||||
</sect1>
|
||||
|
||||
<sect1 id="cvsup">
|
||||
|
|
|
|||
Loading…
Reference in a new issue