diff options
author | Warren Block <wblock@FreeBSD.org> | 2013-02-02 22:49:03 +0000 |
---|---|---|
committer | Warren Block <wblock@FreeBSD.org> | 2013-02-02 22:49:03 +0000 |
commit | cb2b3b391b6f3df2184b52f794811e2491fcc45e (patch) | |
tree | 45aa2091be893ffea2e4739a155bbc4db09b2a07 /en_US.ISO8859-1/books/handbook/mirrors/chapter.xml | |
parent | 5aaa4aaadf3ba66edd41824f2931bfec7c7fde0b (diff) | |
download | doc-cb2b3b391b6f3df2184b52f794811e2491fcc45e.tar.gz doc-cb2b3b391b6f3df2184b52f794811e2491fcc45e.zip |
Add information on preferred protocols and HTTPS fingerprint verification
to the Subversion Mirror Sites section.
Reviewed by: simon (slightly earlier version)
Notes
Notes:
svn path=/head/; revision=40872
Diffstat (limited to 'en_US.ISO8859-1/books/handbook/mirrors/chapter.xml')
-rw-r--r-- | en_US.ISO8859-1/books/handbook/mirrors/chapter.xml | 40 |
1 files changed, 38 insertions, 2 deletions
diff --git a/en_US.ISO8859-1/books/handbook/mirrors/chapter.xml b/en_US.ISO8859-1/books/handbook/mirrors/chapter.xml index 66d8f2add1..1526051a5d 100644 --- a/en_US.ISO8859-1/books/handbook/mirrors/chapter.xml +++ b/en_US.ISO8859-1/books/handbook/mirrors/chapter.xml @@ -669,7 +669,7 @@ present but was not created by <command>svn</command>, remember to rename or delete it before the checkout.</para> - <screen>&prompt.root; <userinput>svn checkout https://svn0.us-west.FreeBSD.org/ports/head /usr/ports</userinput></screen> + <screen>&prompt.root; <userinput>svn checkout <replaceable>https://svn0.us-west.FreeBSD.org</replaceable>/ports/head /usr/ports</userinput></screen> <para>Because the initial checkout has to download the full branch of the remote repository, it can take a while. Please @@ -716,7 +716,7 @@ </sect1> <sect1 id="svn-mirrors"> - <title><application>Subversion</application> Sites</title> + <title><application>Subversion</application> Mirror Sites</title> <indexterm> <primary>Subversion Repository</primary> @@ -791,6 +791,42 @@ </tbody> </tgroup> </informaltable> + + <para><acronym>HTTPS</acronym> is the preferred protocol, + providing protection against another computer pretending to be + the &os; mirror (commonly known as a <quote>man in the + middle</quote> attack) or otherwise trying to send bad content + to the end user.</para> + + <para>On the first connection to an <acronym>HTTPS</acronym> + mirror, the user will be asked to verify the server + <emphasis>fingerprint</emphasis>:</para> + + <screen>Error validating server certificate for 'https://svn0.us-west.freebsd.org:443': + - The certificate is not issued by a trusted authority. Use the + fingerprint to validate the certificate manually! +Certificate information: + - Hostname: svnmir.ysv.FreeBSD.org + - Valid: from Fri, 24 Aug 2012 22:04:04 GMT until Sat, 24 Aug 2013 22:04:04 GMT + - Issuer: clusteradm, FreeBSD.org, CA, US + - Fingerprint: 79:35:8f:ca:6d:34:d9:30:44:d1:00:af:33:4d:e6:11:44:4d:15:ec +(R)eject, accept (t)emporarily or accept (p)ermanently?</screen> + + <para>Compare the fingerprint shown to those listed in the table + above. If the fingerprint matches, the server security + certificate can be accepted temporarily or permanently. A + temporary certificate will expire after a single session with + the server, and the verification step will be repeated on the + next connection. Accepting the certificate permanently will + store the authentication credentials in + <filename role="directory">~/.subversion/auth/</filename> and + the user will not be asked to verify the fingerprint again until + the certificate expires.</para> + + <para>If <acronym>HTTPS</acronym> cannot be used due to firewall + or other problems, <literal>SVN</literal> is the next choice, + with slightly faster transfers. When neither can be used, use + <acronym>HTTP</acronym>.</para> </sect1> <sect1 id="cvsup"> |