Garret Wilson wrote:
> Uh, oh, the problem is even worse than I thought. The thing is, I *do*
> have a real certificate. Check for yourself: browse to
> https://svn.globalmentor.com/test/ and enter:
>
> [...]
>
> So I shouldn't even see the prompts in the first place. What's wrong?
Subversion. :-(
The problem is that Subversion never installs the system's SSL
authorities file. I think the following patch is a very good idea. I've
tested this patch on Linux for sites using both real and self-signed
certificates, with and without an ssl-authorities-file configuration
directive, and it works just fine. The patch is for 0.25, but applies on
trunk as well.
* subversion/libsvn_ra_dav/session.c (svn_ra_dav__open):
Call ne_ssl_load_default_ca to install default CA authorities if no
authorities file was configured.
/Tobias
diff -ru subversion-0.25.orig/subversion/libsvn_ra_dav/session.c subversion-0.25/subversion/libsvn_ra_dav/session.c
--- subversion-0.25.orig/subversion/libsvn_ra_dav/session.c 2003-07-10 17:27:01.000000000 +0200
+++ subversion-0.25/subversion/libsvn_ra_dav/session.c 2003-07-21 12:16:46.000000000 +0200
@@ -616,6 +616,11 @@
ne_ssl_load_ca(sess, authorities_file);
ne_ssl_load_ca(sess2, authorities_file);
}
+ else
+ {
+ ne_ssl_load_default_ca(sess);
+ ne_ssl_load_default_ca(sess2);
+ }
/* When the CA certificate or server certificate has
verification problems, neon will call our verify function before
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Mon Jul 21 12:34:52 2003