On Mon, Jul 21, 2003 at 06:59:52AM +0200, Martin v. Löwis wrote:
> Garret Wilson <garret@globalmentor.com> writes:
>
> > This also requires that I install some CA file on my web server, so
> > maybe neon has some problems with this extra CA step---but it works
> > fine with every browser I've used.
> >
> > So I shouldn't even see the prompts in the first place. What's wrong?
>
> I think you are missing a number of points here. Neon, by itself, does
> not trust any CA, neither Comodo Class 3 Security Services CA, nor GTE
> Cybertrust. You actively have to *configure* which certificates neon
> trust, and you have to do that on the client side.
>
> So you have to save both the Comodo certificate and the GTE
> certificate into a PEM file, and list this PEM file as
> ssl-authorities-file.
>
> Alternatively, you can have openssl trust these CAs by default - you
> would have to find out where openssl stores it CA certs and verify
> that the two certificates are listed there.
OpenSSL does not trust any CAs by default either; if you want to
configure neon to trust the bundle of CA root certs which are included
in OpenSSL you have to call ne_ssl_trust_default_ca (s/trust/load for
neon 0.23) on the session object.
joe
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Mon Jul 21 12:07:12 2003