[cvsnt] pserver && encryption

Tony Hoyle tmh at nodomain.org
Fri Jun 6 10:07:40 BST 2003

Community technical support mailing list was retired 2010 and replaced with a professional technical support team. For assistance please contact: Pre-sales Technical support via email to sales@march-hare.com.

On Thu, 5 Jun 2003 17:33:51 -0400, "Keith D. Zimmerman"
<keith at eagle-solutions.com> wrote:

>So there would be no way other than user education to prevent the
>clueless from spewing passwords across the untrusted network using
>pserver, correct?

If you delete the pserver protocol from the server then a pserver client will
never be able to connect.  Other than that, it's an inherent weakness of the
pserver protocol.

>"all of the above" - so even if strict checking is off, it'll still say
>the certificate is invalid if it comes from cacert/verisign, but has
>been revoked, or is invalid according to the cert authority, or the
>CommonName does not match?=09

Yes (not 100% sure of the revoked question... the openssl book is unclear as
to whether it checks the CRL by default.  I'd expect it does, though).


More information about the cvsnt mailing list
Download the latest CVSNT, TortosieCVS, WinCVS etc. for Windows 8 etc.
@CVSNT on Twitter   CVSNT on Facebook