On Mon, 2003-09-08 at 15:41, Mukund wrote:
> On Mon, Sep 08, 2003 at 03:33:36PM -0500, Doug Dicks wrote:
> >
> > This is now broke and I get prompted to confirm my server's certificate
> > every time. I assume this is due to the following change from the
> > release notes for .29:
>
> The server CA certificate files (ssl-authority-files) are still PEM
> encoded. It is now seperated to be one certificate per file. The option
> is now called 'ssl-authority-files'.
> If your server certificate is signed by Equifax, you will have to get
> their CA certificate and use that with the 'ssl-authority-files' option.
Got it. Thanks. I am only concerned about the CA files right now. I
extracted the Equifax cert that came with RH from
/usr/share/ssl/cert.pem and everything works great.
Interestingly enough, it also picks it up correctly if I leave the file
as is with multiple CA certs as well. Looks like part (all) of this was
stupid-user-error. ssl-authority-files != ssl-authorities-files I
changed file to files, but not authorities to authority. Stupid. I
read the release notes and assumed that was the problem was related to
the "dropped support for PEM-encoded clients", not understanding the
difference between the CA files and the client certs.
Sorry, and thanks,
Doug
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Tue Sep 9 00:48:59 2003