[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]


From: Derek R. Price
Subject: Re: CVS & SSL
Date: Tue, 22 May 2001 00:44:41 -0400

"Greg A. Woods" wrote:

> [ On Monday, May 21, 2001 at 17:12:11 (-0400), Derek R. Price wrote: ]
> > Subject: Re: CVS & SSL
> >
> > P.S. the following script is necessary to use tcpclient with the patch:
> >
> > address@hidden ccvs-ssl]$ cat
> > #! /bin/sh
> > cat <&6 &
> > cat >&7
> >
> > tell tcpclient to exec  This turns the 'tcpclient hostname port sh
> > `pwd`/' call into a straight socket pipe which is what I wrote the 
> > CVS patch
> > to require.
> OK, I'm really really really confused now.  Why the heck does CVS need
> changing in any way to use stunnel????
> Why not just use stunnel to tunnel RSH through?  Or alternately write a
> little wrapper script that looks like 'rsh' from the command-line but
> uses stunnel to create the connection and start the server on the other
> side?
> Why does this have to be made so "difficult"?

Writing an RSH wrapper was my first idea.  It turned out to be difficult because
CVS expects RSH to handle the 'setuid' in this case.  This code will tunnel an 
pserver connection with all that entails.

Incidentally, the bug is certainly in stunnel's client code.  I left stunnel 
running on
the server and substituted OpenSSL's s_client (man s_client) for stunnel on the 
side and the whole thing worked minus an unterminated string in the CVS client. 
somebody comes up with any major objections, I should check in the whole kit 'n
kiboodle (patch + bug fix) as soon as I finish documentation and a test case.


Derek Price                      CVS Solutions Architect ( )
mailto:address@hidden         CollabNet ( )
f u cn rd ths, u cn gt a gd jb n cmptr prgrmmng

reply via email to

[Prev in Thread] Current Thread [Next in Thread]