[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Bug report: Regression SVN Client, SSL, Serf 1.3.9-3, SSLVerifyClient require

From: Philip Martin <philip_at_codematters.co.uk>
Date: Tue, 31 Jul 2018 20:09:13 +0100

Daniel Shahaf <d.s_at_daniel.shahaf.name> writes:

> Subversion uses Serf, which uses OpenSSL, which talks to an SSL implementation
> on the server. The root cause of the error is known to the SSL implementation
> on the server (that's why you see it in the error log). It's not obvious that
> OpenSSL on the client side even knows what the root cause is.

In this case the client knows exactly what is wrong, it's the one
closing the connection because:

140258270184704:error:140AB18E:SSL routines:SSL_CTX_use_certificate:ca md too weak:../ssl/ssl_rsa.c:303:

Could we get our client to show that error? We would need a new serf
API to marshal the error message back to Subversion.

-- 
Philip
Received on 2018-07-31 21:09:29 CEST

This is an archived mail posted to the Subversion Dev mailing list.