Re: CVS & SSL

[Derek R. Price]

"Greg A. Woods" wrote:

> [ On Monday, May 21, 2001 at 17:12:11 (-0400), Derek R. Price wrote: ]
> > Subject: Re: CVS & SSL
> >
> > P.S. the following script is necessary to use tcpclient with the patch:
> >
> > [dprice@empress ccvs-ssl]$ cat tmp.sh
> > #! /bin/sh
> > cat <&6 &
> > cat >&7
> >
> > tell tcpclient to exec tmp.sh.  This turns the 'tcpclient hostname port sh
> > `pwd`/tmp.sh' call into a straight socket pipe which is what I wrote the 
> > CVS patch
> > to require.
>
> OK, I'm really really really confused now.  Why the heck does CVS need
> changing in any way to use stunnel????
>
> Why not just use stunnel to tunnel RSH through?  Or alternately write a
> little wrapper script that looks like 'rsh' from the command-line but
> uses stunnel to create the connection and start the server on the other
> side?
>
> Why does this have to be made so "difficult"?

Writing an RSH wrapper was my first idea.  It turned out to be difficult because
CVS expects RSH to handle the 'setuid' in this case.  This code will tunnel an 
actual
pserver connection with all that entails.

Incidentally, the bug is certainly in stunnel's client code.  I left stunnel 
running on
the server and substituted OpenSSL's s_client (man s_client) for stunnel on the 
client
side and the whole thing worked minus an unterminated string in the CVS client. 
 Unless
somebody comes up with any major objections, I should check in the whole kit 'n
kiboodle (patch + bug fix) as soon as I finish documentation and a test case.

Derek

--
Derek Price                      CVS Solutions Architect ( http://CVSHome.org )
mailto:dprice@collab.net         CollabNet ( http://collab.net )
--
f u cn rd ths, u cn gt a gd jb n cmptr prgrmmng