Re: Hard time to verify ssl server certificate.

From: Tobias Ringström <tobias_at_ringstrom.mine.nu>
Date: 2005-02-28 18:47:18 CET

Josef Wolf wrote:

>Do you know a better way? tinyca gave me the md5, probably because this
>is the default with RSA keys. svn presented sha1. How do I verify that
>the certificate is valid when I have only md5 and svn presents me sha1?
>
>
[I agree with everything Sussman has said, and I can confirm that neon
is only giving us the SHA-1 fingerprint, although it does not seem to be
documented anywhere.]

There are two problems here. The first is that Subversion does not
specify that it's displaying the SHA-1 fingerprint (although you tell in
a hackish way by the different fingerprint size), and the second is that
tinyca (which I know nothing about, btw) does not show you the SHA-1
fingerprint. I will work on making Subversion say that it's showing the
SHA-1 fingerprint, but you might want to contact the author of tinyca to
also show the SHA-1 fingerprint as well as the MD5 fingerprint.

In the mean time, you should be able to generate an SHA-1 fingerprint
when you create the certificate using openssl using something like

openssl x509 -in server.crt -noout -fingerprint -sha1

/Tobias

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Mon Feb 28 18:49:51 2005

This message: [ Message body ]
Next message: Brian Buesker: "Reverting File Added by Merge"
Previous message: Dirk Schenkewitz: "chrooted server?"
In reply to: Josef Wolf: "Re: Hard time to verify ssl server certificate."
Next in thread: Josef Wolf: "Re: Hard time to verify ssl server certificate."

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]