Re: tsvn 1.7.7 and later: client certificates: unsupported algorithm nid

On 28.10.2012 15:30, vario fox wrote:
> I am sorry, but i'll have to insist :-) I don't believe a
> misconfiguration / trust issue to be the problem.
>
> It works in the following scenarios: - many recent versions of
> Internet Explorer - many recent versions of Firefox - all versions of
> tortoise svn up to 1.7.6 - cygwin-based svn, Version 1.7.7
> (r1393599) All on at least 10 different computers, some with the
> same, some with other client certificates.
>
> It does not work with versions of tortoise svn above 1.7.6 on two
> different machines using two different client certificates, neither
> in the GUI nor in the command line mode.

"SSL handshake failed: SSL error: unsupported algorithm nid"
That indicates that your server or a proxy in between uses an
unsupported algorithm.
TSVN always uses the latest OpenSSL version with the default build
options. And recent versions of OpenSSL made some changes, including:
* deactivating insecure algorithms (those that have been "broken" lately
or are considered not secure anymore)
* strengthen cert verification, e.g. certs in the chain that worked
before might not work anymore since they're not secure enough

That's all I can tell you.
I only compile OpenSSL and the svn lib, I don't know the code that does
the whole authentication.
Maybe you can get more help on the svn users list or an openssl list.

Stefan

-- 
        ___
   oo  // \\      "De Chelonian Mobile"
  (_,\/ \_/ \     TortoiseSVN
    \ \_/_\_/>    The coolest Interface to (Sub)Version Control
    /_/   \_\     http://tortoisesvn.net
------------------------------------------------------
http://tortoisesvn.tigris.org/ds/viewMessage.do?dsForumId=4061&dsMessageId=3024165
To unsubscribe from this discussion, e-mail: [users-unsubscribe_at_tortoisesvn.tigris.org].