[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: 0.29.0 - PKCS12 Certificates Only?

From: Doug Dicks <dwd-l_at_revelanttech.com>
Date: 2003-09-09 00:45:25 CEST

On Mon, 2003-09-08 at 15:41, Mukund wrote:
> On Mon, Sep 08, 2003 at 03:33:36PM -0500, Doug Dicks wrote:
> >
> > This is now broke and I get prompted to confirm my server's certificate
> > every time. I assume this is due to the following change from the
> > release notes for .29:
>
> The server CA certificate files (ssl-authority-files) are still PEM
> encoded. It is now seperated to be one certificate per file. The option
> is now called 'ssl-authority-files'.

> If your server certificate is signed by Equifax, you will have to get
> their CA certificate and use that with the 'ssl-authority-files' option.

Got it. Thanks. I am only concerned about the CA files right now. I
extracted the Equifax cert that came with RH from
/usr/share/ssl/cert.pem and everything works great.

Interestingly enough, it also picks it up correctly if I leave the file
as is with multiple CA certs as well. Looks like part (all) of this was
stupid-user-error. ssl-authority-files != ssl-authorities-files I
changed file to files, but not authorities to authority. Stupid. I
read the release notes and assumed that was the problem was related to
the "dropped support for PEM-encoded clients", not understanding the
difference between the CA files and the client certs.

Sorry, and thanks,

Doug

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Tue Sep 9 00:48:59 2003

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.