[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

0.29.0 - PKCS12 Certificates Only?

From: Doug Dicks <dwd-l_at_revelanttech.com>
Date: 2003-09-08 22:33:36 CEST


I just upgraded to .29 under RedHat 9.

I was using the list of certificate authorities that came with RH9 to
validate the issuer (Equifax) of my server cert by adding the line
"ssl-authorities-file = /usr/share/ssl/cert.pem" to the global section
of my servers file.

This is now broke and I get prompted to confirm my server's certificate
every time. I assume this is due to the following change from the
release notes for .29:
"* SSL changes: (r6958, #1371)
     - dropped support for PEM-encoded client certs, only accept PKCS12
     - 'ssl-authority-files' is now a list of CA files
     - no more 'ssl-client-cert-type' and 'ssl-client-key-file'

I've been reading the various web pages returned by Google on pkcs12,
but am still at a loss for what to do about it. I've tried several
different ways to convert the PEM to PKCS12, but with no success.

Was there a big security problem with PEM certs?

I can get around this by adding "ssl-ignore-unknown-ca = true" to my
servers file, but would like to avoid this if possible.



To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Mon Sep 8 22:34:55 2003

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.