[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Trouble with client certificates in Windows certificate store

From: Stefan Küng <tortoisesvn_at_gmail.com>
Date: Tue, 09 Oct 2012 21:23:56 +0200

On 09.10.2012 08:25, Damon Wischik wrote:
> I am trying to connect to a SVN/Apache server, which uses client
> certificates.
>
> When I specify the path to my p12 file in
> \Users\me\AppData\Roaming\Subversion\servers, TortoiseSVN first
> prompts me for the passphrase, and then it connects to the repository
> with no problems, and lets me check it out.
>
> When I import exactly the same p12 file into Windows Internet Options
> (placing it under the Personal store), then Internet Explorer lets me
> browse the repository happily, but TortoiseSVN refuses to let me
> check it out. It says:
>
> OPTIONS of 'https://...': SSL handshake failed: SSL error:
> unsupported algorithm nid.
>
> Why should it work when TortoiseSVN finds the p12 from the Subversion
> servers file, but fail when it finds the p12 from the Windows
> Internet Options certificate store?

When you specify the p12 file, the signature doesn't have to be valid.
However, if you install the certificate, it must be signed properly and
the signature must be valid.
Also, when using the windows cert store, OpenSSL only allows SHA1, MD5
and MD5_SHA1 algorithms.

See the e_capi.c file in the OpenSSL source, look for
CAPI_R_UNSUPPORTED_ALGORITHM_NID.

Stefan

-- 
        ___
   oo  // \\      "De Chelonian Mobile"
  (_,\/ \_/ \     TortoiseSVN
    \ \_/_\_/>    The coolest Interface to (Sub)Version Control
    /_/   \_\     http://tortoisesvn.net
------------------------------------------------------
http://tortoisesvn.tigris.org/ds/viewMessage.do?dsForumId=4061&dsMessageId=3019253
To unsubscribe from this discussion, e-mail: [users-unsubscribe_at_tortoisesvn.tigris.org].
Received on 2012-10-09 21:24:05 CEST

This is an archived mail posted to the TortoiseSVN Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.