On Thu, May 6, 2021 at 8:57 AM Nils-Johan Andreasson <nj.andreas...@gmail.com> wrote: > > Thanks for excellent input! > > Unfortunately this external library is being very widely used and is not > shipped with svn included. Rather it relies on being able to use svn if > detected as installed on the system, so simply waiting for a new release > wouldn't be an option to make a library-wide change. > > The only other work-around I can come to think of would be if there is a way > to probe whether a server uses/requires encryption for communication. > Let's say I access svn://hostname/repository > Is there a way (command) to remotely determine if the svn server behind > 'hostname' has sasl enabled/uses encryption/enforces a min_ssf >= 128? > Preferably without having to send any authentication credentials (to not risk > sending anything in clear text). > If so, an initialization step could hopefully be added which determines > whether the source is deemed to be secure to access or not. > > I have indeed considered svn+ssh but there are other details involved which > makes me prefer to stay with svnserve and svn:// if possible.
All commands already accept the --config-option, so you could just cherry pick something from your existing client configuration that you pass on the command line and then ask your library to look for the presence of that option(s) as a sign that the connection is encrypted. I am not familiar with the SASL options in the client config, but this is an example from the documentation: --config-option servers:global:http-library=serf So any value from the servers or config file can be passed on the command line. Hope this helps Mark
