[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: [TSVN] Bug: Toirtoise not handling chained SSL certificates correctly

From: SteveKing <steveking_at_gmx.ch>
Date: 2004-09-29 13:18:26 CEST

Stephane ODUL wrote:

> I have a svn repository on an https webserver, say https://svn.foo.com/svn
>
> I have purchased a signed SSL key for my server from freessl and
> installed everything correctly. Now my web browser are not complaining
> anymore about the validity of my https server.
> The official svn client is not complaining either.
>
> The problem is: Tortoise svn is complaining that my certificate
> authority cannot be trusted. My SSL key is signed by free SSL which in
> turn is signed by geotrust.
>
> The problem seems to be that tortoise is unable to handle chained ssl
> and my understanding is that openssl has not be compiled with the
> correct option to handle it.
>
> I have tried to compile the official svn client myself with ssl support
> and got the same problem as tortoisesvn: my chained key was not trusted.

I guess you compiled Subversion with VS.NET and not VC6?

Please search your windows and system32 folder for ssleay32.dll and
libeay32.dll. If you find those somewhere in the windows/system32
folder, then find out which program installed it there and then go and
hit the devs of that app with a big stick!
Then, remove that app. Once those dll's are gone, you might find that
TSVN and your compiled Subversion client will work again.

Just a note: OpenSSL is _not_ meant to be used as a shared lib. Here's
an excerpt from their INSTALL file:

  Note on shared libraries
  ------------------------

  Shared library is currently an experimental feature. The only reason to
  have them would be to conserve memory on systems where several program
  are using OpenSSL. Binary backward compatibility can't be guaranteed
  before OpenSSL version 1.0.

  For some systems, the OpenSSL Configure script knows what is needed to
  build shared libraries for libcrypto and libssl. On these systems,
  the shared libraries are currently not created by default, but giving
  the option "shared" will get them created. This method supports Makefile
  targets for shared library creation, like linux-shared. Those targets
  can currently be used on their own just as well, but this is expected
  to change in future versions of OpenSSL.

Stefan

-- 
        ___
   oo  // \\      "De Chelonian Mobile"
  (_,\/ \_/ \     TortoiseSVN
    \ \_/_\_/>    The coolest Interface to (Sub)Version Control
    /_/   \_\     http://tortoisesvn.tigris.org
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tortoisesvn.tigris.org
For additional commands, e-mail: dev-help@tortoisesvn.tigris.org
Received on Wed Sep 29 14:21:17 2004

This is an archived mail posted to the TortoiseSVN Dev mailing list.