[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

[PATCH] Re: certificate problems and 403 Forbidden for svn 0.25.0

From: Tobias Ringström <tobias_at_ringstrom.mine.nu>
Date: 2003-07-21 12:33:58 CEST

Garret Wilson wrote:
> Uh, oh, the problem is even worse than I thought. The thing is, I *do*
> have a real certificate. Check for yourself: browse to
> https://svn.globalmentor.com/test/ and enter:
> [...]
> So I shouldn't even see the prompts in the first place. What's wrong?

Subversion. :-(

The problem is that Subversion never installs the system's SSL
authorities file. I think the following patch is a very good idea. I've
tested this patch on Linux for sites using both real and self-signed
certificates, with and without an ssl-authorities-file configuration
directive, and it works just fine. The patch is for 0.25, but applies on
trunk as well.

* subversion/libsvn_ra_dav/session.c (svn_ra_dav__open):
   Call ne_ssl_load_default_ca to install default CA authorities if no
   authorities file was configured.


diff -ru subversion-0.25.orig/subversion/libsvn_ra_dav/session.c subversion-0.25/subversion/libsvn_ra_dav/session.c
--- subversion-0.25.orig/subversion/libsvn_ra_dav/session.c 2003-07-10 17:27:01.000000000 +0200
+++ subversion-0.25/subversion/libsvn_ra_dav/session.c 2003-07-21 12:16:46.000000000 +0200
@@ -616,6 +616,11 @@
           ne_ssl_load_ca(sess, authorities_file);
           ne_ssl_load_ca(sess2, authorities_file);
+ else
+ {
+ ne_ssl_load_default_ca(sess);
+ ne_ssl_load_default_ca(sess2);
+ }
       /* When the CA certificate or server certificate has
          verification problems, neon will call our verify function before

To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Mon Jul 21 12:34:52 2003

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.