[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: running test-suite over https

From: Philip Martin <philip.martin_at_wandisco.com>
Date: Mon, 13 Aug 2012 17:10:29 +0100

I considered generating the certificate but I am wary of draining the
system entropy. I don't know how much entropy generating an SSL
certificate requires but the testsuite doesn't need a high quality
certificate and it should avoid using entropy if possible. So I
embedded a pre-generated certificate in the script.

Ben Reser <ben_at_reser.org> writes:

> Neon's test suite has some logic in it to generate certificates. We
> should probably do something similar for this.
>
> Side note: If someone implements it just please don't do what neon
> does and depend on the Gnu specific flag '-d' to the date command to
> figure out the right timestamp to set on the cert(s). I believe date
> -v is much more portable (though I haven't gotten around to checking
> more than OS X and Linux).
>
> On Mon, Aug 13, 2012 at 6:27 AM, Philip Martin
> <philip.martin_at_wandisco.com> wrote:
>> My mistake. In my case the certificate embedded in davautocheck.sh has
>> expired:
>>
>> W: Error validating server certificate for 'https://localhost:13864':
>> W: - The certificate is not issued by a trusted authority. Use the
>> W: fingerprint to validate the certificate manually!
>> W: - The certificate has expired.
>>
>> If I update the script to use an in-date certificate the tests PASS over
>> SSL.
>

-- 
Certified & Supported Apache Subversion Downloads:
http://www.wandisco.com/subversion/download
Received on 2012-08-13 18:11:07 CEST

This is an archived mail posted to the Subversion Dev mailing list.